Command Injection in systeminformation

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.26.2
• Patched version(s): 4.26.2

References

• GHSA-fj59-f6c3-3vw4
• www.npmjs.com
• CVE-2020-26300
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Command Injection Vulnerability in systeminformation - systeminformation - CVE-2020-26274
• OS Command Injection in systeminformation - CVE-2020-7778
• systeminformation command injection vulnerability - CVE-2020-7752
• Injection and Command Injection in devcert - CVE-2020-8186

You might also like:

How do hackers hack websites?

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:

npm

systeminformation