updated docs

sebhildebrandt · Feb 14, 2021 · ca2d753 · ca2d753
1 parent 07daa05
commit ca2d753
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -72,6 +72,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version        | Date           | Comment  |
 | -------------- | -------------- | -------- |
+| 5.3.1          | 2020-02-14     | `inetLatency()` `ineChecksite()` `servcices()` `processes()` fixed possible security issue |
 | 5.3.0          | 2020-02-12     | `osInfo()` added remoteSession (windows) |
 | 5.2.7          | 2020-02-12     | `fsStats()`, `blockDevices()` improved linux |
 | 5.2.6          | 2020-02-12     | `inetLatency()` fixed possible DOS intrusion |

diff --git a/docs/history.html b/docs/history.html
@@ -56,6 +56,11 @@ <h3>Full version history</h3>
                   </tr>
                 </thead>
                 <tbody>
+                  <tr>
+                    <th scope="row">5.3.1</th>
+                    <td>2020-02-14</td>
+                    <td><span class="code">inetLatency()</span> <span class="code">inetChecksite()</span> <span class="code">services()</span> <span class="code">processLoad()</span> fix possible security issue</td>
+                  </tr>
                   <tr>
                     <th scope="row">5.3.0</th>
                     <td>2020-02-12</td>

diff --git a/docs/index.html b/docs/index.html
@@ -166,11 +166,11 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.2.6</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.3.1</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
-      <div class="version">New Version: <span id="version">5.3.0</span></div>
+      <div class="version">New Version: <span id="version">5.3.1</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">

diff --git a/docs/security.html b/docs/security.html
@@ -43,6 +43,23 @@
           <div class="col-12 sectionheader">
             <div class="title">Security Advisories</div>
             <div class="text">
+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 5.3.1 and &lt; 4.34.11<br>
+                <span class="bold">Date:</span> 2021-02-14<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated array as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with additional parameter checking. Please upgrade to version >= 5.3.1 (or >= 4.34.11 if you are using version 4).</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
+              <hr>
+              <br>
               <h2>DOS Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
                 &lt; 5.2.6 and &lt; 4.34.10<br>

diff --git a/docs/v4/history.html b/docs/v4/history.html
@@ -83,6 +83,11 @@ <h3>Full version history</h3>
                   </tr>
                 </thead>
                 <tbody>
+                  <tr>
+                    <th scope="row">4.34.11</th>
+                    <td>2020-02-14</td>
+                    <td><span class="code">inetLatency()</span> <span class="code">inetChecksite()</span> <span class="code">services()</span> <span class="code">processes()</span> possible security fix</td>
+                  </tr>
                   <tr>
                     <th scope="row">4.34.10</th>
                     <td>2020-02-12</td>

diff --git a/docs/v4/index.html b/docs/v4/index.html
@@ -165,12 +165,12 @@
 <body>
   <header class="bg-image-full">
     <div class="container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.10</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.11</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation </div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
       <div class="version larger">Version 4 documentation</div>
-      <div class="version">Current Version: <span id="version">4.34.10</span></div>
+      <div class="version">Current Version: <span id="version">4.34.11</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">

diff --git a/docs/v4/security.html b/docs/v4/security.html
@@ -42,6 +42,23 @@
           <div class="col-12 sectionheader">
             <div class="title">Security Advisories</div>
             <div class="text">
+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 4.34.11<br>
+                <span class="bold">Date:</span> 2021-02-14<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated array as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.11 if you are using version 4.</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
+              <hr>
+              <br>
               <h2>DOS Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
                 &lt; 4.34.10<br>
@@ -57,7 +74,8 @@ <h4>Patch</h4>
 
               <h4>Workarround</h4>
               <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>
-
+              <hr>
+              <br>
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
                 < 4.31.1<br>
@@ -73,9 +91,9 @@ <h4>Patch</h4>
 
               <h4>Workarround</h4>
               <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p>
-
-
-              <h2>command injection vulnerability - prototype pollution</h2>
+              <hr>
+              <br>
+              <h2>Command Injection Vulnerability - prototype pollution</h2>
               <p><span class="bold">Affected versions:</span>
                 < 4.30.5<br>
                   <span class="bold">Date:</span> 2020-11-26<br>
@@ -90,8 +108,8 @@ <h4>Patch</h4>
 
               <h4>Workarround</h4>
               <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetChecksite()</span></p>
-
-
+              <hr>
+              <br>
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
                 < 4.27.11<br>