versions() fix Command Injection issue (linux), added smartmontools support (macOS)

sebhildebrandt · sebhildebrandt · commit 2a28d2d08300 · 2026-02-15T09:08:35.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -91,7 +91,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version | Date       | Comment                                                                                             |
 | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
-| 5.31.0  | 2026-02-15 | `diskLayout()` added smartmontools support (macOS)                                                  |
+| 5.31.0  | 2026-02-15 | `diskLayout()` added smartmontools support (macOS), `versions()` command injection issue (linux)    |
 | 5.30.8  | 2026-02-14 | `wifiNetworks()` fixed CWE-78 command injection issue (linux)                                       |
 | 5.30.7  | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows)                                     |
 | 5.30.6  | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows)                                                |
diff --git a/docs/history.html b/docs/history.html
@@ -61,7 +61,7 @@ <h3>Full version history</h3>
                       <th scope="row">5.31.0
                       </th>
                       <td>2026-02-15</td>
-                      <td><span class="code">diskLayout()</span> added smartmontools support (macOS)</td>
+                      <td><span class="code">diskLayout()</span> added smartmontools support (macOS), <span class="code">versions()</span> fix command injection</td>
                     </tr>
                     <tr>
                       <th scope="row">5.30.8
diff --git a/docs/index.html b/docs/index.html
@@ -166,7 +166,7 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.30.8</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.31.0</a>
       <img class="logo" src="assets/logo.png" alt="logo">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
diff --git a/docs/security.html b/docs/security.html
@@ -44,6 +44,21 @@
             <div class="col-12 sectionheader">
               <div class="title">Security Advisories</div>
               <div class="text">
+                <h2>versions() Command Injection Vulnerability</h2>
+                <p><span class="bold">Affected versions:</span>
+                  &lt; 5.31.0<br>
+                  <span class="bold">Date:</span> 2026-02-15<br>
+                  <span class="bold">CVE indentifier</span> ...
+                </p>
+
+                <h4>Impact</h4>
+                <p>We had an issue that there was a possibility to perform a potential command injection possibility by craft the malicious file path for postgres that is then used in <span class="code">versions()</span> on linux machines.</p>
+
+                <h4>Patch</h4>
+                <p>Problem was fixed with parameter checking and execFile. If you are using version 5, please upgrade to version >= 5.31.0.</p>
+                <hr>
+                <br>
+
                 <h2>wifiNetworks Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.30.8<br>
