Description
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Remediation
References
https://github.com/thingsSDK/wifiscanner/issues/1
Related Vulnerabilities
CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents.client5:httpclient5
CVE-2021-25949 Vulnerability in npm package set-getter
CVE-2018-3754 Vulnerability in npm package query-mysql
CVE-2022-41404 Vulnerability in maven package org.ini4j:ini4j
CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http