CVE-2023-42810
CVSS V2 None
CVSS V3 None
Description
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
Overview
- CVE ID
- CVE-2023-42810
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-09-21T17:11:54.756Z
- Last Modified Date
- 2023-09-21T17:11:54.756Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v | x_refsource_CONFIRM |
| https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392 | x_refsource_MISC |
| https://systeminformation.io/security.html | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-42810 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42810 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 13:43:28 | Added to TrackCVE |