updated docs

2021-05-04 16:23:13 +02:00 · 2021-05-04 16:23:13 +02:00 · 6cd9dd15b0
commit 6cd9dd15b0
parent 2b9aeae762
7 changed files with 61 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -77,6 +77,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.

 | Version        | Date           | Comment  |
 | -------------- | -------------- | -------- |
+| 5.6.13         | 2021-05-04     | `dockerImagesInspect()`, `dockerContainerInspect()`, `dockerContainerProcesses()` security updates |
 | 5.6.12         | 2021-04-09     | `networkinterfaces()` windows detection fix |
 | 5.6.11         | 2021-04-08     | `versions()` parameter sanitation |
 | 5.6.10         | 2021-03-29     | `vboxInfo()` fixed windows bug |
--- a/docs/history.html
+++ b/docs/history.html
@ -56,6 +56,11 @@
                  </tr>
                </thead>
                <tbody>
+                  <tr>
+                    <th scope="row">5.6.13</th>
+                    <td>2021-05-04</td>
+                    <td><span class="code">dockerImagesInspect()</span> <span class="code">dockerContainerInspect()</span> <span class="code">dockerContainerProcesses()</span> parameter sanitation</td>
+                  </tr>
                  <tr>
                    <th scope="row">5.6.12</th>
                    <td>2021-04-09</td>
@ -2277,4 +2282,4 @@

 </body>

-</html>
+</html>
--- a/docs/index.html
+++ b/docs/index.html
@ -166,11 +166,11 @@
 <body>
  <header class="bg-image-full">
    <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.6.11</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.6.13</a>
      <img class="logo" src="assets/logo.png">
      <div class="title">systeminformation</div>
      <div class="subtitle"><span id="typed"></span>&nbsp;</div>
-      <div class="version">New Version: <span id="version">5.6.12</span></div>
+      <div class="version">New Version: <span id="version">5.6.13</span></div>
      <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
    </div>
    <div class="down">
@ -211,7 +211,7 @@
        <div class="title">Downloads last month</div>
      </div>
      <div class="col-xl-4 col-lg-4 col-md-4 col-12">
-        <div class="numbers">410</div>
+        <div class="numbers">413</div>
        <div class="title">Dependents</div>
      </div>
    </div>
@ -398,4 +398,4 @@
  </script>
 </body>

-</html>
+</html>
--- a/docs/security.html
+++ b/docs/security.html
@ -48,6 +48,23 @@
              <p class="warning">This can lead to serious impact on your servers!</p>
              <p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>

+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 5.6.13 and &lt; 4.34.21<br>
+                <span class="bold">Date:</span> 2021-05-04<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a non string values as a parameter to the <span class="code">dockerImagesInspect()</span>, <span class="code">dockerContainerInspect()</span>, <span class="code">dockerContainerProcesses()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with parameter checking. Please upgrade to version >= 5.6.13 (or >= 4.34.21 if you are using version 4).</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">dockerImagesInspect()</span>, <span class="code">dockerContainerInspect()</span>, <span class="code">dockerContainerProcesses()</span> (string only)</p>
+              <hr>
+              <br>
              <h2>Command Injection Vulnerability</h2>
              <p><span class="bold">Affected versions:</span>
                &lt; 5.6.11 and &lt; 4.34.20<br>
@ -236,4 +253,4 @@
  </script>
 </body>

-</html>
+</html>
--- a/docs/v4/history.html
+++ b/docs/v4/history.html
@ -83,6 +83,16 @@
                  </tr>
                </thead>
                <tbody>
+                  <tr>
+                    <th scope="row">4.34.21</th>
+                    <td>2021-05-04</td>
+                    <td><span class="code">dockerContainerInspect()</span> <span class="code">dockerContainerProcesses()</span> parameter validation fix</td>
+                  </tr>
+                  <tr>
+                    <th scope="row">4.34.20</th>
+                    <td>2021-05-04</td>
+                    <td><span class="code">versions()</span> parameter sanitation</td>
+                  </tr>
                  <tr>
                    <th scope="row">4.34.19</th>
                    <td>2021-03-16</td>
@ -2132,4 +2142,4 @@

 </body>

-</html>
+</html>
--- a/docs/v4/index.html
+++ b/docs/v4/index.html
@ -165,12 +165,12 @@
 <body>
  <header class="bg-image-full">
    <div class="container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.20</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.21</a>
      <img class="logo" src="assets/logo.png">
      <div class="title">systeminformation </div>
      <div class="subtitle"><span id="typed"></span>&nbsp;</div>
      <div class="version larger">Version 4 documentation</div>
-      <div class="version">Current Version: <span id="version">4.34.20</span></div>
+      <div class="version">Current Version: <span id="version">4.34.21</span></div>
      <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
    </div>
    <div class="down">
@ -369,4 +369,4 @@
  </script>
 </body>

-</html>
+</html>
--- a/docs/v4/security.html
+++ b/docs/v4/security.html
@ -47,6 +47,23 @@
              <p class="warning">This can lead to serious impact on your servers!</p>
              <p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>

+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 4.34.21<br>
+                <span class="bold">Date:</span> 2021-05-04<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a non string values as a parameter to the <span class="code">dockerContainerInspect()</span>, <span class="code">dockerContainerProcesses()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with parameter checking. Please upgrade to version >= 4.34.21 if you are using version 4.</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">dockerContainerInspect()</span>, <span class="code">dockerContainerProcesses()</span> (string only)</p>
+              <hr>
+              <br>
              <h2>Command Injection Vulnerability</h2>
              <p><span class="bold">Affected versions:</span>
                &lt; 4.34.20<br>
@ -231,4 +248,4 @@
  </script>
 </body>

-</html>
+</html>