From 1faadcbf68f1b1fdd5eb2054f68fc932be32ac99 Mon Sep 17 00:00:00 2001
From: Sebastian Hildebrandt <hildebrandt@plus-innovations.com>
Date: Fri, 11 Dec 2020 21:35:35 +0100
Subject: [PATCH] inetLatency() command injection vulnaribility fix

---
 CHANGELOG.md       |  1 +
 docs/history.html  |  5 +++++
 docs/index.html    |  4 ++--
 docs/security.html | 17 +++++++++++++++++
 lib/util.js        |  2 ++
 5 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8a2bb3..832d04f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page.
 
 | Version        | Date           | Comment  |
 | -------------- | -------------- | -------- |
+| 4.31.1         | 2020-12-11     | `inetLatency()` command injection vulnaribility fix |
 | 4.31.0         | 2020-12-06     | `osInfo()` added FQDN |
 | 4.30.11        | 2020-12-02     | `cpu()` bug fix speed parsing |
 | 4.30.10        | 2020-12-01     | `cpu()` handled speed parsing error (Apple Silicon) |
diff --git a/docs/history.html b/docs/history.html
index 3329992..1fb4dc9 100644
--- a/docs/history.html
+++ b/docs/history.html
@@ -83,6 +83,11 @@
                   </tr>
                 </thead>
                 <tbody>
+                  <tr>
+                    <th scope="row">4.31.1</th>
+                    <td>2020-12-06</td>
+                    <td><span class="code">inetLatency()</span> command injection vulnaribility fix</td>
+                  </tr>
                   <tr>
                     <th scope="row">4.31.0</th>
                     <td>2020-12-06</td>
diff --git a/docs/index.html b/docs/index.html
index 83918cd..795a454 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -165,11 +165,11 @@
 <body>
   <header class="bg-image-full">
     <div class="container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.30.5</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.31.1</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span></div>
-      <div class="version">Current Version: <span id="version">4.31.0</span></div>
+      <div class="version">Current Version: <span id="version">4.31.1</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">
diff --git a/docs/security.html b/docs/security.html
index 6b0b9f6..c0d09b5 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -42,6 +42,23 @@
           <div class="col-12 sectionheader">
             <div class="title">Security Advisories</div>
             <div class="text">
+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                < 4.31.1<br>
+                  <span class="bold">Date:</span> 2020-12-11<br>
+                  <span class="bold">CVE indentifier</span> (not yet)
+              </p>
+
+              <h4>Impact</h4>
+              <p>Here we had an issue that there was a possibility to inject commands to the command line of your machine via systeminformation. Affected commands: <span class="code">inetLatency()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.31.1</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p>
+
+
               <h2>command injection vulnerability - prototype pollution</h2>
               <p><span class="bold">Affected versions:</span>
                 < 4.30.5<br>
diff --git a/lib/util.js b/lib/util.js
index 205e574..1931a88 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -521,6 +521,8 @@ function sanitizeShellString(str) {
       s[i] === '\\' ||
       s[i] === '\t' ||
       s[i] === '\n' ||
+      s[i] === '\'' ||
+      s[i] === '`' ||
       s[i] === '"')) {
       result = result + s[i];
     }