OS Command Injection in systeminformation

Description

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.30.2
• Patched version(s): 4.30.2

References

• GHSA-8j36-q8x7-pm6q
• snyk.io
• CVE-2020-7778
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Command Injection in systeminformation - CVE-2020-26300
• systeminformation command injection vulnerability - CVE-2020-7752
• Command Injection Vulnerability in systeminformation - systeminformation - CVE-2020-26274
• Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path - CVE-2026-26280

You might also like:

How do hackers hack websites?

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:

npm

systeminformation