updated docs

sebhildebrandt · Apr 8, 2021 · 8bb7559 · 8bb7559
1 parent 97196b1
commit 8bb7559
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 5 deletions.
diff --git a/docs/index.html b/docs/index.html
@@ -166,7 +166,7 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.6.4</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.6.11</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>

diff --git a/docs/security.html b/docs/security.html
@@ -44,10 +44,27 @@
             <div class="title">Security Advisories</div>
             <div class="text">
               <h2>Passing User Paramters to Systeminformation</h2>
-              <p>For most of the applications that are using <span class="code">systeminformation</span>, there is no reason to worry. <span class="bold">But be aware!</span> If you are using <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> with arbitrary untrusted user input, you should pay extra attention! We are doing a lot of input sanitation for those functions inside this package but we cannot handle all cases!</p>
+              <p>For most of the applications that are using <span class="code">systeminformation</span>, there is no reason to worry. <span class="bold">But be aware!</span> If you are using <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>, <span class="code">versions()</span> with arbitrary untrusted user input, you should pay extra attention! We are doing a lot of input sanitation for those functions inside this package but we cannot handle all cases!</p>
               <p class="warning">This can lead to serious impact on your servers!</p>
               <p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>
 
+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 5.6.11 and &lt; 4.34.20<br>
+                <span class="bold">Date:</span> 2021-04-08<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a non string values as a parameter to the <span class="code">versions()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with parameter checking. Please upgrade to version >= 5.6.11 (or >= 4.34.20 if you are using version 4).</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">versions()</span> (string only)</p>
+              <hr>
+              <br>
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
                 &lt; 5.6.4 and &lt; 4.34.17<br>

diff --git a/docs/v4/index.html b/docs/v4/index.html
@@ -165,12 +165,12 @@
 <body>
   <header class="bg-image-full">
     <div class="container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.17</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.20</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation </div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
       <div class="version larger">Version 4 documentation</div>
-      <div class="version">Current Version: <span id="version">4.34.19</span></div>
+      <div class="version">Current Version: <span id="version">4.34.20</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">

diff --git a/docs/v4/security.html b/docs/v4/security.html
@@ -43,10 +43,27 @@
             <div class="title">Security Advisories</div>
             <div class="text">
               <h2>Passing User Paramters to Systeminformation</h2>
-              <p>For most of the applications that are using <span class="code">systeminformation</span>, there is no reason to worry. <span class="bold">But be aware!</span> If you are using <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> with arbitrary untrusted user input, you should pay extra attention! We are doing a lot of input sanitation for those functions inside this package but we cannot handle all cases!</p>
+              <p>For most of the applications that are using <span class="code">systeminformation</span>, there is no reason to worry. <span class="bold">But be aware!</span> If you are using <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>, <span class="code">versions()</span> with arbitrary untrusted user input, you should pay extra attention! We are doing a lot of input sanitation for those functions inside this package but we cannot handle all cases!</p>
               <p class="warning">This can lead to serious impact on your servers!</p>
               <p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>
 
+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 4.34.20<br>
+                <span class="bold">Date:</span> 2021-04-08<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a non string values as a parameter to the <span class="code">versions()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with parameter checking. Please upgrade to version >= 4.34.20 if you are using version 4.</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">versions()</span> (string only)</p>
+              <hr>
+              <br>
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
                 &lt; 4.34.17<br>