Command Injection Vulnerability
Affected versions:
< 4.31.1
Date: 2020-12-11
CVE identifier: CVE-2020-26274, CVE-2020-28448
Impact
Commands could be injected into the command line of your machine via systeminformation. Affected commands: inetLatency().
Patch
The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.31.1.
Workaround
If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency().
Command Injection Vulnerability - Prototype Pollution
Affected versions:
< 4.30.5
Date: 2020-11-26
CVE identifier: CVE-2020-26245
Impact
Commands could be injected into the command line through property pollution on the string object. Affected commands: inetChecksite().
Patch
The problem was fixed with a shell string sanitization fix as well as handling of prototype pollution. Please upgrade to version >= 4.30.5.
Workaround
If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetChecksite().
Command Injection Vulnerability
Affected versions:
< 4.27.11
Date: 2020-10-26
CVE identifier: CVE-2020-7752
Impact
Commands could be injected into the command line of your machine via systeminformation. Affected commands: inetChecksite().
Patch
The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.27.11.
Workaround
If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetChecksite().
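Added example (not part of systeminformation or of the original advisories): one way to apply the workaround named in all three advisories on this page is to allowlist-check the value before it reaches inetLatency() or inetChecksite(). It assumes inetLatency() takes a host name and inetChecksite() takes a URL; checkHost, checkUrl and the guarded wrappers are hypothetical names.

```javascript
'use strict';
// Added example, not systeminformation code; all names here are hypothetical.

// Host names: letters, digits, hyphen and dot only (IPv6 literals are rejected).
const HOST_RE = /^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i;
// URL path and query: conservative allowlist; other characters are rejected, not escaped.
const PATH_RE = /^[A-Za-z0-9\-._~\/%=+,?]*$/;

function requirePrimitiveString(value, name) {
  // typeof accepts primitive strings only. Arrays, String objects and other
  // objects can carry their own or overridden methods, so they are refused
  // before any string method is called on them.
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a primitive string`);
  }
  return value;
}

function checkHost(value) {
  requirePrimitiveString(value, 'host');
  if (!HOST_RE.test(value)) throw new RangeError('host is not an allowed host name');
  return value;
}

function checkUrl(value) {
  requirePrimitiveString(value, 'url');
  let u;
  try { u = new URL(value); } catch (e) { throw new RangeError('url does not parse'); }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new RangeError('url scheme not allowed');
  }
  if (u.username || u.password || u.hash) {
    throw new RangeError('credentials and fragments not allowed');
  }
  checkHost(u.hostname);
  if (!PATH_RE.test(u.pathname + u.search)) {
    throw new RangeError('url path or query not allowed');
  }
  // Hand on the parsed, normalised form rather than the caller's raw text.
  return `${u.origin}${u.pathname}${u.search}`;
}

// Wrappers: `si` is the systeminformation module, supplied by the caller.
// Validation throws before the library function is ever invoked.
const guardedLatency = (si, host) => si.inetLatency(checkHost(host));
const guardedChecksite = (si, url) => si.inetChecksite(checkUrl(url));
```

Values outside the allowlist are rejected rather than rewritten, so a legitimate URL that contains characters such as & must be handled by the caller or by upgrading.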