CVE-2022-25916: mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization
(updated )
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the ‘wiscan.scan’ function.
References
- github.com/advisories/GHSA-5h8c-8ccp-8gmh
- github.com/simenkid/mt7688-wiscan
- github.com/simenkid/mt7688-wiscan/blob/master/index.js%23L22
- github.com/simenkid/mt7688-wiscan/commit/ff6d6567c65b4e972916a8fbc4533212f20a2fa5
- nvd.nist.gov/vuln/detail/CVE-2022-25916
- security.snyk.io/vuln/SNYK-JS-MT7688WISCAN-3177394
Code Behaviors & Features
Detect and mitigate CVE-2022-25916 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →