Command Injection Vulnerability

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 5.3.1
• Patched version(s): 5.3.1

References

• GHSA-2m8v-572m-ff2v
• www.npmjs.com
• lists.apache.org
• security.netapp.com
• www.cisa.gov
• CVE-2021-21315
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Command Injection Vulnerability in systeminformation - CVE-2021-21388
• systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
• Command Injection Vulnerability in systeminformation (GHSA-m57p-p67h-mq74) - CVE-2020-26274
• json-logic-js Command Injection vulnerability - CVE-2021-4329

Tags:

npm

systeminformation