Command Injection Vulnerability
Affected versions:
- < 5.6.3 and < 4.34.13
+ < 5.6.3 and < 4.34.16
Date: 2021-03-14
CVE indentifier -
We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated string prototype as a parameter to the following functions. Affected commands: inetLatency(), inetChecksite(), services(), processLoad().
Patch
-Problem was fixed with additional parameter checking. Please upgrade to version >= 5.6.3 (or >= 4.34.13 if you are using version 4).
+Problem was fixed with additional parameter checking. Please upgrade to version >= 5.6.3 (or >= 4.34.16 if you are using version 4).
Workarround
If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to inetLatency(), inetChecksite(), services(), processLoad() (string only)
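Review bot: the new "Affected versions" line, "< 5.6.3 and < 4.34.16", is ambiguous because every 4.x release is also below 5.6.3. Consider giving the range per major line, for example "5.x before 5.6.3, 4.x before 4.34.16", the way the Patch paragraph already separates the two. The unchanged context around it still has the misspellings "CVE indentifier" and "Workarround". The workaround's trailing "(string only)" is also unclear: since the description names a manipulated string prototype as the trigger, spell out whether it means callers should accept only string values for inetLatency(), inetChecksite(), services() and processLoad().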
diff --git a/docs/v4/history.html b/docs/v4/history.html index 14962b5..8efd931 100644 --- a/docs/v4/history.html +++ b/docs/v4/history.html @@ -83,6 +83,11 @@ +Update to v4.34.11 + Security advisory:
Update to v4.34.16
Command Injection Vulnerability
+Affected versions:
+ < 4.34.13
+ Date: 2021-03-14
+ CVE indentifier -
+
Impact
+We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated string prototype as a parameter to the following functions. Affected commands: inetLatency(), inetChecksite(), services(), processLoad().
+ +Patch
+Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.13 if you are using version 4.
+ +Workarround
+If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to inetLatency(), inetChecksite(), services(), processLoad() (string only)
++
Insufficient File Scheme Validation
Affected versions:
4.34.12
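Review bot: the added v4 advisory gives "< 4.34.13" as the affected range and ">= 4.34.13" as the upgrade target, but it sits under "Update to v4.34.16", and the advisory page in this same commit is corrected from 4.34.13 to 4.34.16. One of the two is stale. If 4.34.16 is the fixed release, both added lines should say 4.34.16, otherwise readers of the v4 history page on 4.34.13 through 4.34.15 are told they are already patched. The added lines also copy the "CVE indentifier" and "Workarround" misspellings and the doubled "possibility to perform a potential command injection possibility" wording, which would be worth fixing in both files at once.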