Search for packages
| purl | pkg:npm/systeminformation@3.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-297u-ugtg-bkdd
Aliases: CVE-2020-26274 GHSA-m57p-p67h-mq74 |
OS Command Injection systeminformation suffers from a command injection vulnerability. |
Affected by 2 other vulnerabilities. |
|
VCID-6t9m-cpgx-z3hb
Aliases: CVE-2020-26245 GHSA-4v2w-h9jm-mqjg |
OS Command Injection npm package systeminformation is vulnerable to Prototype Pollution leading to Command Injection.If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to `si.inetChecksite().` |
Affected by 3 other vulnerabilities. |
|
VCID-axru-z7ku-nyh8
Aliases: CVE-2020-7778 GHSA-8j36-q8x7-pm6q |
OS Command Injection This affects the package systeminformation The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. |
Affected by 4 other vulnerabilities. |
|
VCID-c47r-q1dv-8qg7
Aliases: CVE-2020-7752 GHSA-94xh-2fmc-xf5j |
The systeminformation package is vulnerable to Command Injection. An attacker can concatenate the curl command's parameters to overwrite Javascript files and then execute any OS commands. |
Affected by 5 other vulnerabilities. |
|
VCID-fen5-17u8-efbs
Aliases: CVE-2021-21388 GHSA-jff2-qjw8-5476 |
OS Command Injection systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected. |
Affected by 0 other vulnerabilities. |
|
VCID-us5p-3w2r-13e6
Aliases: CVE-2021-21315 GHSA-2m8v-572m-ff2v |
Command Injection Vulnerability command injection vulnerability |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||