Vulnerability Details CVE-2022-21810
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.7%
CVSS Severity
CVSS v3 Score 7.4
References
- https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18
- https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613
- https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18
- https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613
Products affected by CVE-2022-21810
-
cpe:2.3:a:smartctl_project:smartctl:-
-
cpe:2.3:a:smartctl_project:smartctl:1.0.0