systeminformation command injection vulnerability

Description

command injection vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.27.11
• Patched version(s): 4.27.11

References

• GHSA-94xh-2fmc-xf5j
• www.npmjs.com
• snyk.io
• CVE-2020-7752
• CWE-78
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Command Injection Vulnerability in systeminformation - systeminformation - CVE-2020-26274
• Command Injection Vulnerability in systeminformation - CVE-2021-21388
• Command Injection in systeminformation - CVE-2020-26300
• OS Command Injection in systeminformation - CVE-2020-7778

You might also like:

How do hackers hack websites?

These 7 PHP mistakes leave your website open to the hackers

Exploiting Server Version Disclosure

Tags:

npm

systeminformation