Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
updated docs
  • Loading branch information
sebhildebrandt committed Mar 14, 2021
1 parent af9b8a5 commit d84fea9
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 4 deletions.
4 changes: 2 additions & 2 deletions docs/security.html
Expand Up @@ -45,7 +45,7 @@
<div class="text">
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.6.3 and &lt; 4.34.13<br>
&lt; 5.6.3 and &lt; 4.34.16<br>
<span class="bold">Date:</span> 2021-03-14<br>
<span class="bold">CVE indentifier</span> -
</p>
Expand All @@ -54,7 +54,7 @@ <h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated string prototype as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 5.6.3 (or >= 4.34.13 if you are using version 4).</p>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 5.6.3 (or >= 4.34.16 if you are using version 4).</p>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
Expand Down
5 changes: 5 additions & 0 deletions docs/v4/history.html
Expand Up @@ -83,6 +83,11 @@ <h3>Full version history</h3>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">4.34.16</th>
<td>2021-03-14</td>
<td><span class="code">sanitizeShellString()</span> improvements</td>
</tr>
<tr>
<th scope="row">4.34.15</th>
<td>2020-02-23</td>
Expand Down
4 changes: 2 additions & 2 deletions docs/v4/index.html
Expand Up @@ -165,12 +165,12 @@
<body>
<header class="bg-image-full">
<div class="container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.11</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.16</a>
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation </div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version larger">Version 4 documentation</div>
<div class="version">Current Version: <span id="version">4.34.15</span></div>
<div class="version">Current Version: <span id="version">4.34.16</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
Expand Down
17 changes: 17 additions & 0 deletions docs/v4/security.html
Expand Up @@ -42,6 +42,23 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 4.34.13<br>
<span class="bold">Date:</span> 2021-03-14<br>
<span class="bold">CVE indentifier</span> -
</p>

<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated string prototype as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.13 if you are using version 4.</p>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
<hr>
<br>
<h2>Insufficient File Scheme Validation</h2>
<p><span class="bold">Affected versions:</span>
4.34.12<br>
Expand Down

0 comments on commit d84fea9

Please sign in to comment.