Prototype Pollution in systeminformation

Description

command injection vulnerability by prototype pollution

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.30.5
• Patched version(s): 4.30.5

References

• GHSA-4v2w-h9jm-mqjg
• CVE-2020-26245
• CWE-471
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Prototype Pollution in Ajv - CVE-2020-15366
• Prototype Pollution in node-forge - CVE-2020-7720
• Prototype Pollution in highlight.js - CVE-2020-26237
• Prototype Pollution in asciitable.js - CVE-2020-7771

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

systeminformation