Lucene search
K

189 matches found

OSV
OSV
added 2021/04/29 6:15 p.m.19 views

CVE-2021-21388

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

9.8CVSS7.1AI score
Exploits0References5
Prion
Prion
added 2021/04/29 6:15 p.m.20 views

Command injection

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

7.5CVSS9.6AI score0.01854EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/04/29 5:20 p.m.19 views

CVE-2021-21388 Command Injection Vulnerability in systeminformation

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

8.9CVSS9.9AI score0.01854EPSS
Exploits0References5
CVE
CVE
added 2021/04/29 5:20 p.m.68 views

CVE-2021-21388

CVE-2021-21388 affects the systeminformation Node.js package (pre-5.6.4). It describes a command-injection flaw in how service parameters are handled (si.inetLatency, si.inetChecksite, si.services, si.processLoad, etc.). The root cause is insufficient validation of input parameters; upgrading to ...

9.8CVSS9.5AI score0.01854EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.3 views

systeminformation 操作系统命令注入漏洞

systeminformation is an Npm software library that can obtain operating system information. An operating system command injection vulnerability exists in systeminformation, which stems from a discovered command injection vulnerability in systeminformation...

9.8CVSS8.3AI score0.01854EPSS
Exploits0References7
Huntr
Huntr
added 2021/04/08 3:12 a.m.21 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in sebhildebrandt/systeminformation

✍️ Description The systeminformation package is vulnerable to Improper Input Validation through versions function. 🕵️‍♂️ Proof of Concept javascript // PoC.js const si = require'systeminformation'; si.versionstoString : = console.log"This is a PoC" ; 💥 Impact This vulnerability allows attackers to...

3.7AI score
Exploits0
Veracode
Veracode
added 2021/04/07 3:9 a.m.23 views

Command Injection

systeminformation is vulnerable to command injection. An attacker is able to pass a string as an array to bypass validation and execute arbitrary commands through the following functions: inetLatency, inetChecksite, services, processLoad...

9.8CVSS5.2AI score0.01854EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/04/06 5:30 p.m.5 views

GHSA-JFF2-QJW8-5476 Command Injection Vulnerability in systeminformation

Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.6.4 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...

8.9CVSS5.9AI score0.01854EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2021/04/06 5:30 p.m.4 views

4runr-os (>=1.0.48 <=2.10.77), 7key-gen (>=1.0.12 <=1.1.0) +2898 more potentially affected by CVE-2021-21388 via systeminformation (>=3.30.6 <=5.6.3)

systeminformation NPM version =3.30.6, =1.0.48, =1.0.12, =1.1.9, =1.7.0-beta.7, =3.11.1, =1.0.0, =1.2.0, =0.1.2, =1.16.13, =1.3.16, =1.1.12, =1.6.23, =1.17.13-beta-20260512-042419-7b556a38 and more Source cves: CVE-2021-21388 Source advisory: OSV:GHSA-JFF2-QJW8-5476...

9.8CVSS7.2AI score0.01854EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/06 5:30 p.m.54 views

Command Injection Vulnerability in systeminformation

Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.6.4 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...

9.8CVSS4.3AI score0.01854EPSS
Exploits0References7Affected Software1
Node.js
Node.js
added 2021/02/24 3:24 a.m.81 views

Command Injection

Overview The systeminformation package is an open source collection of functions to retrieve detailed hardware, system and OS information. In affected versions of systeminformation there is a command injection vulnerability. As a workaround instead of upgrading, be sure to check or sanitize servi...

4.6CVSS7.5AI score0.9024EPSS
Exploits4Affected Software1
Huntr
Huntr
added 2021/02/18 12:0 a.m.17 views

Server-Side Request Forgery (SSRF) in sebhildebrandt/systeminformation

Description systeminformation package is vulnerable to Server-side request forgery. It allows attackers to abuse of @ to make requests to a different domain or possibility to applications that are not publicly exposed through http://[email protected]:8080. Proof of Concept javascript cons...

1.9AI score
Exploits0
OSV
OSV
added 2021/02/16 5:15 p.m.9 views

DEBIAN-CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

7.8CVSS5.8AI score0.9024EPSS
Exploits4References1
CVE
CVE
added 2021/02/16 5:0 p.m.1224 views

CVE-2021-21315

CVE-2021-21315 affects the npm package System Information (systeminformation) prior to version 5.3.1. The vulnerability is a command injection in functions that process service/latency queries (e.g., si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad()) which can be exploited via...

7.8CVSS7.5AI score0.9024EPSS
In wildExploits4References6Affected Software1
Debian CVE
Debian CVE
added 2021/02/16 5:0 p.m.6 views

CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

7.8CVSS5.8AI score0.9024EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2021/02/16 4:51 p.m.6 views

4runr-os (>=1.0.48 <=2.10.77), 7key-gen (>=1.0.12 <=1.1.0) +2898 more potentially affected by CVE-2021-21315 via systeminformation (>=3.30.6 <=5.31.7)

systeminformation NPM version =3.30.6, =1.0.48, =1.0.12, =1.1.9, =1.7.0-beta.7, =3.11.1, =1.0.0, =1.2.0, =0.1.2, =1.16.13, =1.3.16, =1.1.12, =1.6.23, =1.17.13-beta-20260512-042419-7b556a38 and more Source cves: CVE-2021-21315 Source advisory: OSV:GHSA-2M8V-572M-FF2V...

7.8CVSS7.1AI score0.9024EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2021/02/16 12:0 a.m.7 views

PT-2021-7658 · Npm · Systeminformation

Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.3.1 Description: The System Information Library for Node.JS is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1,...

7.8CVSS10AI score0.9024EPSS
Exploits4References21
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.8 views

Systeminformation Operating System Command Injection Vulnerability

An operating system command injection vulnerability exists in Systeminformation, which arises when a network system or product fails to properly filter special characters, commands, etc., during the construction of executable operating system commands from externally input data. An attacker could...

7.8CVSS7.2AI score0.9024EPSS
Exploits4References8
Huntr
Huntr
added 2021/02/12 12:0 a.m.38 views

Command Injection in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Command Injection vulnerability. It is possible to send an array containing OS commands, which bypass the filters. Proof of Concept 1. Create a Javascript file with the content below: javascript const si = require'systeminformation'; const command =...

7.5CVSS2AI score0.01854EPSS
Exploits0
Huntr
Huntr
added 2021/02/11 12:0 a.m.33 views

Denial of Service in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Denial of Service. It is possible to overwrite the ping command parameters, which results in too long execution. Proof of Concept Create a .js file with the content below and run it. javascript const si = require'systeminformation'; si.inetLatency"-c...

4.6CVSS4.3AI score0.9024EPSS
Exploits4
Rows per page
Query Builder