Homepage

network-manager@1.0.1 vulnerabilities

A wrapper for nm-cli for managing linux network connection

  • latest version

    1.0.2

  • first published

    8 years ago

  • latest version published

    8 years ago

  • licenses detected

  • View network-manager package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the network-manager package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Command Injection

    network-manager is a working with ethernet and wifi interfaces.

    Affected versions of this package are vulnerable to Command Injection. The runCommand() function within common.js file is called by getDevices() function in file linux/manager.js, which is required by the index.process.env.NM_CLI in the file "linux/manager.js". This is used to construct the argument of function execSync(), which can be controlled by a user without any sanitization.

    PoC by JHU System Security Lab

    process.env.NM_CLI = 'echo vulnerable > create.txt & nmcli';
var root = require("network-manager");
root.getDevices();

    How to fix Command Injection?

    There is no fixed version for network-manager.

    *
    Go back to all versions of this package