Command Injection Vulnerability in systeminformation

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 5.6.4
• Patched version(s): 5.6.4

References

• GHSA-jff2-qjw8-5476
• www.npmjs.com
• CVE-2021-21388
• CWE-77
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• rollbar vulnerable to Prototype Pollution in merge() - CVE-2025-62517
• Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 5 - CVE-2020-8203
• Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 4 - CVE-2020-8203
• Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) 3 - CVE-2020-8203

Tags:

npm

systeminformation