Description
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Remediation
References
https://github.com/thingsSDK/wifiscanner/issues/1
Related Vulnerabilities
CVE-2021-43787 Vulnerability in npm package nodebb
CVE-2020-7673 Vulnerability in npm package node-extend
CVE-2017-3201 Vulnerability in maven package com.exadel.flamingo.flex:amf-serializer
CVE-2020-14967 Vulnerability in maven package org.webjars.npm:jsrsasign
CVE-2015-0266 Vulnerability in maven package org.apache.ranger:ranger