Critical severityNVD Advisory· Published Sep 21, 2023· Updated Sep 24, 2024
systeminformation SSID Command Injection Vulnerability
CVE-2023-42810
Description
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
systeminformationnpm | >= 5.0.0, < 5.21.7 | 5.21.7 |
Affected products
2- Range: >= 5.0.0, < 5.21.7
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-gx6r-qc2v-3p3vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-42810ghsaADVISORY
- github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392ghsax_refsource_MISCWEB
- github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3vghsax_refsource_CONFIRMWEB
- systeminformation.io/security.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.