Lookup for vulnerable packages by Package URL.
| Purl | pkg:npm/systeminformation@4.34.7 |
|---|
| Type | npm |
|---|
| Namespace | |
|---|
| Name | systeminformation |
|---|
| Version | 4.34.7 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 5.6.4 |
|---|
| Latest_non_vulnerable_version | 5.31.6 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-fen5-17u8-efbs |
| vulnerability_id |
VCID-fen5-17u8-efbs |
| summary |
OS Command Injection
systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-21388, GHSA-jff2-qjw8-5476
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fen5-17u8-efbs |
|
| 1 |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 10.0 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.34.7 |
|---|