CVE-2022-25926
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
04/01/2023
Last modified:
10/04/2025
Description
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.<br />
<br />
Impact
Base Score 3.x
7.40
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:window-control_project:window-control:*:*:*:*:*:node.js:*:* | 1.4.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173
- https://github.com/bruno-robert/window-control/releases/tag/v1.4.5
- https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345
- https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173
- https://github.com/bruno-robert/window-control/releases/tag/v1.4.5
- https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345