Lucene search

CVE-2020-26274

🗓️ 16 Dec 2020 20:14:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 34 Views

systeminformation (npm package) before version 4.31.1 has command injection vulnerability

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
NVD	CVE-2020-26274	16 Dec 202020:15	–	nvd
Prion	Command injection	16 Dec 202020:15	–	prion
Node.js	Command Injection	16 Dec 202019:42	–	nodejs
Veracode	OS Command Injection	28 Oct 202004:03	–	veracode
Veracode	Command Injection	17 Dec 202001:00	–	veracode
Cvelist	CVE-2020-26274 Command Injection Vulnerability in systeminformation	16 Dec 202019:30	–	cvelist
OSV	Command Injection Vulnerability in systeminformation	16 Dec 202019:25	–	osv
OSV	CVE-2020-26274	16 Dec 202020:15	–	osv
Github Security Blog	Command Injection Vulnerability in systeminformation	16 Dec 202019:25	–	github
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus	9 Feb 202109:58	–	ibm

Nvd

Vulners

Node

systeminformation systeminformationRange<4.31.1node.js

[
  {
    "product": "systeminformation",
    "vendor": "sebhildebrandt",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.31.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
npmjs	www.npmjs.com/package/systeminformation
github	www.github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Dec 2020 20:15Current

7.7High risk

Vulners AI Score7.7

CVSS27.5

CVSS36.4 - 8.8

EPSS0.01389

CWE-78