Command Injection Affecting librenms/librenms package, versions <22.4.0
Threat Intelligence
EPSS: 0.11% (45th percentile)
- Snyk ID SNYK-PHP-LIBRENMSLIBRENMS-2859195
- published 6 Jun 2022
- disclosed 3 Jun 2022
- credit Darek Jensen, haxmeadroom
Introduced: 3 Jun 2022
CVE-2022-29712
How to fix?
Upgrade librenms/librenms to version 22.4.0 or higher.
Overview
librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support.
Affected versions of this package are vulnerable to Command Injection via the service_ip, hostname, and service_param parameters.
References
CVSS Scores
version 3.1