Description

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.

Remediation

References

https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18

https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613

Related Vulnerabilities

CVE-2013-6393 Vulnerability in npm package libyaml

CVE-2022-31167 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security

CVE-2020-7633 Vulnerability in npm package apiconnect-cli-plugins

CVE-2021-3629 Vulnerability in maven package io.undertow:undertow-core

CVE-2022-45206 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core

Severity

High

Classification

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Exploit Third Party Advisory NVD-CWE-Other