systeminformation SSID Command Injection Vulnerability

Description

SSID Command Injection Vulnerability

Recommendation

Update the systeminformation package to the latest compatible version. Followings are version details:

• Affected version(s): >= 5.0.0, < 5.21.7
• Patched version(s): 5.21.7

References

• GHSA-gx6r-qc2v-3p3v
• systeminformation.io
• CVE-2023-42810
• CWE-77
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Elliptic's verify function omits uniqueness validation - CVE-2024-48949
• Nuxt DevTools vulnerable to cross-site scripting (XSS) - CVE-2025-52662
• Strapi is vulnerable to Insufficient Session Expiration - CVE-2025-3930
• Command Injection Vulnerability - CVE-2021-21315

Tags:

npm

systeminformation