friedrith / node-wifi

📶 NodeJS tool to manage wifi (connections, scans)
MIT License

Security vulnerability: Command Injection #83

Closed SteinRobert closed 4 years ago

SteinRobert commented 5 years ago

Expected Behavior

Do not be vulnerable to command injection

Current Behavior

See: https://www.npmjs.com/advisories/952

Affected features

Possible Solution

Sanitize input.

friedrith commented 5 years ago

Hi, thank you for making me aware of this issue. Do you have any solution to fix it?

Also note that if you use the CLI you already have access to commands, so command injection is not really a problem. But it is important to avoid any misunderstanding and fix this issue if possible.

SteinRobert commented 5 years ago

Hi @friedrith,

I think we can solve the issue by using execFile instead of exec. I believe I can provide you with a PR for this.

However, if I clone the current master branch and run the following command:

./bin/wifi.js --connect --ssid test --password test

I get

/node-wifi/node_modules/chalk/templates.js:109
                throw new Error('Found extraneous } in Chalk template literal');
                ^

Error: Found extraneous } in Chalk template literal

After adapting the chalk syntax in bin/wifi.js it works fine. Is that another issue?
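The difference between exec and execFile that the comment above relies on, shown as an added example that is not part of the original thread or of node-wifi's code. It uses the synchronous variants (same shell versus no-shell behaviour) and a child Node process as a stand-in for the Wi-Fi tool; `CHILD`, `SSID`, `parse`, `viaExec` and `viaExecFile` are hypothetical names, the SSID is constructed, and a POSIX shell is assumed.

```javascript
const { execSync, execFileSync } = require('child_process');

// Stand-in for the Wi-Fi tool (assumption): a child Node process that
// prints the arguments it received as a JSON array.
const CHILD = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Constructed input: an SSID containing a shell command separator.
const SSID = 'cafe; echo INJECTED';

// Split child stdout into the argv the tool saw and anything else printed.
function parse(stdout) {
  const [first, ...rest] = stdout.trim().split('\n');
  return { argv: JSON.parse(first), extra: rest };
}

// Before: the command is a single string handed to /bin/sh, so the shell
// tokenizes the SSID and treats ";" as the end of the command.
function viaExec(ssid) {
  const cmd = `"${process.execPath}" -e '${CHILD}' connect ${ssid}`;
  return parse(execSync(cmd, { encoding: 'utf8' }));
}

// After: the arguments are an array passed straight to the program.
// No shell runs, so the SSID arrives as one literal argument.
function viaExecFile(ssid) {
  const args = ['-e', CHILD, 'connect', ssid];
  return parse(execFileSync(process.execPath, args, { encoding: 'utf8' }));
}

console.log('exec     ->', viaExec(SSID));
console.log('execFile ->', viaExecFile(SSID));
```

execFile removes shell interpretation only: a value that begins with `-` can still be read as an option by the program that receives it, so input validation remains useful.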

SteinRobert commented 4 years ago

@friedrith I know you're probably super busy, please don't get me wrong. If you find any time to release a new version which includes #85, me and my team would really appreciate it!

friedrith commented 4 years ago

I have just released new version 2.0.12 that includes all changes on the master branch.

friedrith commented 3 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.