Vulnerabilities > CVE-2022-21810 - Unspecified vulnerability in Smartctl Project Smartctl
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18
- https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18
- https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613
- https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613