logo

Database

Server side template injection In systeminformation

Description

systeminformation SSID Command Injection Vulnerability

Impact

SSID Command Injection Vulnerability

Patches

Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected

Workarounds

If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)

References

See also https://systeminformation.io/security.html

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-428102. NVD-2023-428103. OSV-2023-428104. GHSA-gx6r-qc2v-3p3v5. GCVE-2023-42810

References

1. https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v2. https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f41713923. https://systeminformation.io/security.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.