Command Injection Vulnerability in systeminformation

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 5.6.4
• Patched version(s): 5.6.4

References

• GHSA-jff2-qjw8-5476
• www.npmjs.com
• CVE-2021-21388
• CWE-77
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 5 - CVE-2020-8203
• Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 3 - CVE-2020-8203
• Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 2 - CVE-2020-8203
• IPX Allows Path Traversal via Prefix Matching Bypass - CVE-2025-54387

Tags:

npm

systeminformation