Description

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.

Remediation

References

https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613

https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18

Related Vulnerabilities

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-logparser

CVE-2011-3190 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2021-3777 Vulnerability in npm package tmpl

CVE-2017-9805 Vulnerability in maven package org.apache.struts:struts2-core

Severity

High

Classification

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Broken Link NVD-CWE-Other