versions() fix Command Injection issue (linux), added smartmontools support (macOS)

2026-02-15 09:08:35 +01:00 · 2026-02-15 09:08:35 +01:00 · 2a28d2d083
commit 2a28d2d083
parent 5a534cd62a
4 changed files with 18 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -91,7 +91,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.

 | Version | Date       | Comment                                                                                             |
 | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
-| 5.31.0  | 2026-02-15 | `diskLayout()` added smartmontools support (macOS)                                                  |
+| 5.31.0  | 2026-02-15 | `diskLayout()` added smartmontools support (macOS), `versions()` command injection issue (linux)    |
 | 5.30.8  | 2026-02-14 | `wifiNetworks()` fixed CWE-78 command injection issue (linux)                                       |
 | 5.30.7  | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows)                                     |
 | 5.30.6  | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows)                                                |
--- a/docs/history.html
+++ b/docs/history.html
@ -61,7 +61,7 @@
                      <th scope="row">5.31.0
                      </th>
                      <td>2026-02-15</td>
-                      <td><span class="code">diskLayout()</span> added smartmontools support (macOS)</td>
+                      <td><span class="code">diskLayout()</span> added smartmontools support (macOS), <span class="code">versions()</span> fix command injection</td>
                    </tr>
                    <tr>
                      <th scope="row">5.30.8
--- a/docs/index.html
+++ b/docs/index.html
@ -166,7 +166,7 @@
 <body>
  <header class="bg-image-full">
    <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.30.8</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.31.0</a>
      <img class="logo" src="assets/logo.png" alt="logo">
      <div class="title">systeminformation</div>
      <div class="subtitle"><span id="typed"></span>&nbsp;</div>
--- a/docs/security.html
+++ b/docs/security.html
@ -44,6 +44,21 @@
            <div class="col-12 sectionheader">
              <div class="title">Security Advisories</div>
              <div class="text">
+                <h2>versions() Command Injection Vulnerability</h2>
+                <p><span class="bold">Affected versions:</span>
+                  &lt; 5.31.0<br>
+                  <span class="bold">Date:</span> 2026-02-15<br>
+                  <span class="bold">CVE indentifier</span> ...
+                </p>
+
+                <h4>Impact</h4>
+                <p>We had an issue that there was a possibility to perform a potential command injection possibility by craft the malicious file path for postgres that is then used in <span class="code">versions()</span> on linux machines.</p>
+
+                <h4>Patch</h4>
+                <p>Problem was fixed with parameter checking and execFile. If you are using version 5, please upgrade to version >= 5.31.0.</p>
+                <hr>
+                <br>
+
                <h2>wifiNetworks Command Injection Vulnerability</h2>
                <p><span class="bold">Affected versions:</span>
                  &lt; 5.30.8<br>