CVE-2022-25890: wifey vulnerable to Command Injection due to improper input sanitization

January 9, 2023 (updated April 9, 2025)

All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.

References

github.com/advisories/GHSA-xj9v-6q2f-vqhx
nvd.nist.gov/vuln/detail/CVE-2022-25890
security.snyk.io/vuln/SNYK-JS-WIFEY-3175615

Code Behaviors & Features

Detect and mitigate CVE-2022-25890 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →