Command Injection Vulnerability in systeminformation

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 5.6.4
• Patched version(s): 5.6.4

References

• GHSA-jff2-qjw8-5476
• www.npmjs.com
• CVE-2021-21388
• CWE-77
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Command Injection Vulnerability - CVE-2021-21315
• systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
• Command Injection Vulnerability in systeminformation - systeminformation - CVE-2020-26274
• systeminformation has a Command Injection vulnerability in fsSize() function on Windows - CVE-2025-68154

You might also like:

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Exploiting Server Version Disclosure

Tags:

npm

systeminformation