mike/systeminformation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

users(), wifiNetworks() fixed parsing (macOS Seguoia)

Browse Source
This commit is contained in:
Sebastian Hildebrandt
2024-12-21 15:46:53 +01:00
parent d32376c688
commit 195177bc03
8 changed files with 78 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/history.html
+5
View File
@@ -57,6 +57,11 @@
</tr>
</thead>
<tbody>
<tr>
<th scope="row">5.23.15</th>
<td>2024-12-21</td>
<td><span class="code">users()</span>, <span class="code">wifiNetworks()</span> fixed parsing (macOS Seguoia)</td>
</tr>
<tr>
<th scope="row">5.23.14</th>
<td>2024-12-18</td>
docs/index.html
+3 -3
View File
@@ -166,11 +166,11 @@
<body>
<header class="bg-image-full">
<div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.21.8</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.23.7</a>
<img class="logo" src="assets/logo.png" alt="logo">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version">New Version: <span id="version">5.23.13</span></div>
<div class="version">New Version: <span id="version">5.23.15</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
@@ -204,7 +204,7 @@
</div>
<div class="row number-section">
<div class="col-xl-4 col-lg-4 col-md-4 col-12">
<div class="numbers">17,089</div>
<div class="numbers">17,135</div>
<div class="title">Lines of code</div>
</div>
<div class="col-xl-4 col-lg-4 col-md-4 col-12">
docs/security.html
+17
View File
@@ -44,10 +44,27 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>SSID Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.23.7<br>
<span class="bold">Date:</span> 2024-11-11<br>
<span class="bold">CVE indentifier</span> CVE-2024-56334
</p>
<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by crafting detected SSIDs in <span class="code">networkInterfaces()</span> on windows machines.</p>
<h4>Patch</h4>
<p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.23.7.</p>
<hr>
<br>
<h2>Passing User Paramters to Systeminformation</h2>
<p>For most of the applications that are using <span class="code">systeminformation</span>, there is no reason to worry. <span class="bold">But be aware!</span> If you are using <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>, <span class="code">versions()</span> with arbitrary untrusted user input, you should pay extra attention! We are doing a lot of input sanitation for those functions inside this package but we cannot handle all cases!</p>
<p class="warning">This can lead to serious impact on your servers!</p>
<p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>
<hr>
<br>
<h2>SSID Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>