Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01aDhjLThjY3AtOGdtaM4AAxUM
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
Permalink: https://github.com/advisories/GHSA-5h8c-8ccp-8gmhJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01aDhjLThjY3AtOGdtaM4AAxUM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-5h8c-8ccp-8gmh, CVE-2022-25916
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25916
- https://github.com/simenkid/mt7688-wiscan/commit/ff6d6567c65b4e972916a8fbc4533212f20a2fa5
- https://github.com/simenkid/mt7688-wiscan/blob/master/index.js%23L22
- https://security.snyk.io/vuln/SNYK-JS-MT7688WISCAN-3177394
- https://github.com/advisories/GHSA-5h8c-8ccp-8gmh
Blast Radius: 0.0
Affected Packages
npm:mt7688-wiscan
Dependent packages: 2Dependent repositories: 1
Downloads: 12 last month
Affected Version Ranges: < 0.8.3
Fixed in: 0.8.3
All affected versions: 0.8.2
All unaffected versions: 0.8.3