All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
References
Link | Resource |
---|---|
https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18 | Broken Link |
https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-01-25T05:00:03.902Z
Updated:
Reserved: 2022-02-24T11:58:23.986Z
Link: CVE-2022-21810
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-26T21:15:28.803
Modified: 2023-11-07T03:43:43.950
Link: CVE-2022-21810
JSON object: View
Redhat Information
No data.
CWE