mike/systeminformation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

versions() fix Command Injection issue (linux), added smartmontools support (macOS)

Browse Source
This commit is contained in:
Sebastian Hildebrandt
2026-02-15 09:08:35 +01:00
parent 5a534cd62a
commit 2a28d2d083
4 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/security.html
+15
View File
@@ -44,6 +44,21 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>versions() Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.31.0<br>
<span class="bold">Date:</span> 2026-02-15<br>
<span class="bold">CVE indentifier</span> ...
</p>
<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by craft the malicious file path for postgres that is then used in <span class="code">versions()</span> on linux machines.</p>
<h4>Patch</h4>
<p>Problem was fixed with parameter checking and execFile. If you are using version 5, please upgrade to version >= 5.31.0.</p>
<hr>
<br>
<h2>wifiNetworks Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.30.8<br>