Command Injection Vulnerability in systeminformation

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 5.6.4
• Patched version(s): 5.6.4

References

• GHSA-jff2-qjw8-5476
• www.npmjs.com
• CVE-2021-21388
• CWE-77
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Command Injection Vulnerability - CVE-2021-21315
• Command Injection Vulnerability in systeminformation (GHSA-m57p-p67h-mq74) - CVE-2020-26274
• Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) - CVE-2024-56334
• json-logic-js Command Injection vulnerability - CVE-2021-4329

Tags:

npm

systeminformation