Vulnerability Description
systeminformation is a System Information Library for Node.js. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()` and `wifiNetworks()` (string only).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systeminformation | Systeminformation | >= 5.0.0, < 5.21.7 |
Related Weaknesses (CWE)
References
- https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22 (Patch)
- https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6 (Vendor Advisory)
- https://systeminformation.io/security.html (Vendor Advisory)
FAQ
What is CVE-2023-42810?
CVE-2023-42810 is a vulnerability with a CVSS score of 9.8 (CRITICAL). systeminformation is a System Information Library for Node.js. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7...
How severe is CVE-2023-42810?
CVE-2023-42810 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-42810?
Check the references section above for vendor advisories and patch information. Affected products include: Systeminformation Systeminformation.