189 matches found
CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
DEBIAN-CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
Command injection
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
Command Injection
Overview There is a command injection vulnerability in systeminformation which allows for injection of commands to the command line of your machine. Affected commands: inetLatency. The problem was fixed by sanitizing the shell string. Recommendation Upgrade to version 4.31.1 or later. References ...
CVE-2020-26274
The CVE-2020-26274 vulnerability affects the systeminformation npm package, specifically versions before 4.31.1, where a command injection flaw exists in how shell strings are handled. The root cause is improper sanitization of a crafted shell string, enabling arbitrary command execution on the h...
CVE-2020-26274 Command Injection Vulnerability in systeminformation
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
CVE-2020-26274
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +218 more potentially affected by CVE-2020-26274 via systeminformation (>=3.30.6 <=4.31.0)
systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-26274 Source advisory: OSV:GHSA-M57P-P67H-MQ74...
GHSA-M57P-P67H-MQ74 Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.31.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency For more information If you have any...
Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.31.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency For more information If you have any...
Systeminformation Operating System Command Injection Vulnerability
systeminformation is an Npm software library that can obtain information about the operating system. A vulnerability in operating system command injection existed in versions prior to systeminformation npm package version 4.31.1, which stemmed from this issue fixed in version 4.31.1, and fixed a...
@azteam/monitor (>=1.0.1 <=1.0.9), @best/builder (=4.0.0-beta10) +26 more potentially affected by CVE-2020-26274 via systeminformation (>=4.0.10 <=4.31.0)
systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =5.2.0, =5.2.1 and more Source cves: CVE-2020-26274 Source advisory: SNYK:JS-SYSTEMINFORMATION-1050436...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. The sanitizeShellString function does not sanitize quotation marks, which could be leveraged by an attacker to execute arbitrary commands. PoC const si ...
CVE-2020-26245
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
DEBIAN-CVE-2020-26245
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
Command injection
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
CVE-2020-26245
The CVE concerns the npm package systeminformation (prior to v4.30.5). A Prototype Pollution flaw can lead to Command Injection, with fixes implemented by rewriting shell sanitations to prevent pollution. Affected versions are before 4.30.5; remediation is to upgrade to v4.30.5 (or at least v4.30...
CVE-2020-26245
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...
CVE-2020-26245 Prototype Pollution leading to Command Injection in systeminformation
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...