Security Advisories

Command Injection Vulnerability

Affected versions: < 4.31.1
Date: 2020-12-11
CVE identifier: CVE-2020-26274, CVE-2020-28448

Impact

It was possible to inject commands into the command line of your machine via systeminformation. Affected commands: inetLatency().

Patch

The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.31.1.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency().

Command Injection Vulnerability - Prototype Pollution

Affected versions: < 4.30.5
Date: 2020-11-26
CVE identifier: CVE-2020-26245

Impact

It was possible to inject commands into the command line by property pollution on the string object. Affected commands: inetChecksite().

Patch

The problem was fixed with a shell string sanitization fix as well as handling of prototype pollution. Please upgrade to version >= 4.30.5.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetChecksite().

Command Injection Vulnerability

Affected versions: < 4.27.11
Date: 2020-10-26
CVE identifier: CVE-2020-7752

Impact

It was possible to inject commands into the command line of your machine via systeminformation. Affected commands: inetChecksite().

Patch

The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.27.11.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetChecksite().
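
One way to apply the workaround from the advisories above on a version that cannot be upgraded: validate the argument against a strict allow-list before it reaches inetLatency() or inetChecksite(). This is an added example, not code from systeminformation; the helper names assertHost and assertUrl and the policy they enforce (http/https only, no credentials, no query or fragment, no IPv6 literals) are assumptions.

```javascript
// Added example: allow-list validation for values handed to
// inetLatency(host) and inetChecksite(url). Helper names are hypothetical.

// DNS-style host name or IPv4 address: labels of [A-Za-z0-9-], dot separated.
const HOST_RE = /^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/;

// Characters accepted in the final URL string; no shell metacharacters.
const URL_CHARS_RE = /^[A-Za-z0-9:\/._%-]+$/;

function assertHost(value) {
  // Only primitive strings pass: arrays, plain objects and String wrapper
  // objects are refused, so overridden string methods never come into play.
  if (typeof value !== 'string') {
    throw new TypeError('host must be a primitive string');
  }
  if (!HOST_RE.test(value)) {
    throw new RangeError('host must match [A-Za-z0-9.-] label syntax');
  }
  return value;
}

function assertUrl(value) {
  if (typeof value !== 'string') {
    throw new TypeError('url must be a primitive string');
  }
  let u;
  try {
    u = new URL(value);
  } catch {
    throw new RangeError('url is not parsable');
  }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new RangeError('only http and https are accepted');
  }
  if (u.username || u.password || u.search || u.hash) {
    throw new RangeError('credentials, query and fragment are not accepted');
  }
  assertHost(u.hostname);
  const normalized = u.origin + u.pathname;
  if (!URL_CHARS_RE.test(normalized)) {
    throw new RangeError('url contains characters outside the allow-list');
  }
  return normalized;
}

// Usage (requires the systeminformation package, not loaded here):
//   si.inetLatency(assertHost(input));
//   si.inetChecksite(assertUrl(input));
```

Validation of this kind reduces exposure on an unpatched version; upgrading to the fixed releases listed above remains the actual fix.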