CVE-2022-25890: wifey vulnerable to Command Injection due to improper input sanitization

January 9, 2023 (updated November 7, 2023)

All versions of the package wifey is vulnerable to Command Injection via the connect() function due to improper input sanitization.

References

github.com/advisories/GHSA-xj9v-6q2f-vqhx
nvd.nist.gov/vuln/detail/CVE-2022-25890
security.snyk.io/vuln/SNYK-JS-WIFEY-3175615

Detect and mitigate CVE-2022-25890 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →