189 matches found
CVE-2021-21388
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...
Command injection
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...
CVE-2021-21388 Command Injection Vulnerability in systeminformation
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...
CVE-2021-21388
CVE-2021-21388 affects the systeminformation Node.js package (pre-5.6.4). It describes a command-injection flaw in how service parameters are handled (si.inetLatency, si.inetChecksite, si.services, si.processLoad, etc.). The root cause is insufficient validation of input parameters; upgrading to ...
systeminformation 操作系统命令注入漏洞
systeminformation is an Npm software library that can obtain operating system information. An operating system command injection vulnerability exists in systeminformation, which stems from a discovered command injection vulnerability in systeminformation...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in sebhildebrandt/systeminformation
✍️ Description The systeminformation package is vulnerable to Improper Input Validation through versions function. 🕵️♂️ Proof of Concept javascript // PoC.js const si = require'systeminformation'; si.versionstoString : = console.log"This is a PoC" ; 💥 Impact This vulnerability allows attackers to...
Command Injection
systeminformation is vulnerable to command injection. An attacker is able to pass a string as an array to bypass validation and execute arbitrary commands through the following functions: inetLatency, inetChecksite, services, processLoad...
GHSA-JFF2-QJW8-5476 Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.6.4 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...
4runr-os (>=1.0.48 <=2.10.77), 7key-gen (>=1.0.12 <=1.1.0) +2898 more potentially affected by CVE-2021-21388 via systeminformation (>=3.30.6 <=5.6.3)
systeminformation NPM version =3.30.6, =1.0.48, =1.0.12, =1.1.9, =1.7.0-beta.7, =3.11.1, =1.0.0, =1.2.0, =0.1.2, =1.16.13, =1.3.16, =1.1.12, =1.6.23, =1.17.13-beta-20260512-042419-7b556a38 and more Source cves: CVE-2021-21388 Source advisory: OSV:GHSA-JFF2-QJW8-5476...
Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.6.4 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...
Command Injection
Overview The systeminformation package is an open source collection of functions to retrieve detailed hardware, system and OS information. In affected versions of systeminformation there is a command injection vulnerability. As a workaround instead of upgrading, be sure to check or sanitize servi...
Server-Side Request Forgery (SSRF) in sebhildebrandt/systeminformation
Description systeminformation package is vulnerable to Server-side request forgery. It allows attackers to abuse of @ to make requests to a different domain or possibility to applications that are not publicly exposed through http://[email protected]:8080. Proof of Concept javascript cons...
DEBIAN-CVE-2021-21315
The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...
CVE-2021-21315
CVE-2021-21315 affects the npm package System Information (systeminformation) prior to version 5.3.1. The vulnerability is a command injection in functions that process service/latency queries (e.g., si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad()) which can be exploited via...
CVE-2021-21315
The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...
4runr-os (>=1.0.48 <=2.10.77), 7key-gen (>=1.0.12 <=1.1.0) +2898 more potentially affected by CVE-2021-21315 via systeminformation (>=3.30.6 <=5.31.7)
systeminformation NPM version =3.30.6, =1.0.48, =1.0.12, =1.1.9, =1.7.0-beta.7, =3.11.1, =1.0.0, =1.2.0, =0.1.2, =1.16.13, =1.3.16, =1.1.12, =1.6.23, =1.17.13-beta-20260512-042419-7b556a38 and more Source cves: CVE-2021-21315 Source advisory: OSV:GHSA-2M8V-572M-FF2V...
PT-2021-7658 · Npm · Systeminformation
Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.3.1 Description: The System Information Library for Node.JS is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1,...
Systeminformation Operating System Command Injection Vulnerability
An operating system command injection vulnerability exists in Systeminformation, which arises when a network system or product fails to properly filter special characters, commands, etc., during the construction of executable operating system commands from externally input data. An attacker could...
Command Injection in sebhildebrandt/systeminformation
Description systeminformation is vulnerable to Command Injection vulnerability. It is possible to send an array containing OS commands, which bypass the filters. Proof of Concept 1. Create a Javascript file with the content below: javascript const si = require'systeminformation'; const command =...
Denial of Service in sebhildebrandt/systeminformation
Description systeminformation is vulnerable to Denial of Service. It is possible to overwrite the ping command parameters, which results in too long execution. Proof of Concept Create a .js file with the content below and run it. javascript const si = require'systeminformation'; si.inetLatency"-c...