CVE-2022-21810: Command injection in smartctl

January 26, 2023 (updated January 27, 2023)

All versions of the package smartctl is vulnerable to Command Injection via the info method due to improper input sanitization.

References

github.com/advisories/GHSA-69f2-4375-qv9h
github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js
nvd.nist.gov/vuln/detail/CVE-2022-21810
security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613

Detect and mitigate CVE-2022-21810 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →