
189 matches found

NVD
added 2020/12/16 8:15 p.m. | 15 views

CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVSS 8.8 | AI score 7.3 | EPSS 0.02712
Exploits: 0 | References: 3

OSV
added 2020/12/16 8:15 p.m. | 19 views

CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVSS 8.8 | AI score 9
Exploits: 0 | References: 3

OSV
added 2020/12/16 8:15 p.m. | 5 views

DEBIAN-CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVSS 8.8 | AI score 7.3 | EPSS 0.02712
Exploits: 0 | References: 1

Prion
added 2020/12/16 8:15 p.m. | 13 views

Command injection

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVSS 7.5 | AI score 9 | EPSS 0.02712
Exploits: 0 | References: 3 | Affected Software: 1

Node.js
added 2020/12/16 7:42 p.m. | 44 views

Command Injection

Overview: There is a command injection vulnerability in systeminformation which allows for injection of commands to the command line of your machine. Affected commands: inetLatency. The problem was fixed by sanitizing the shell string. Recommendation: Upgrade to version 4.31.1 or later. References ...

CVSS 7.5 | AI score 4.5 | EPSS 0.02712
Exploits: 0 | Affected Software: 1

CVE
added 2020/12/16 7:30 p.m. | 54 views

CVE-2020-26274

The CVE-2020-26274 vulnerability affects the systeminformation npm package, specifically versions before 4.31.1, where a command injection flaw exists in how shell strings are handled. The root cause is improper sanitization of a crafted shell string, enabling arbitrary command execution on the h...

CVSS 8.8 | AI score 7.7 | EPSS 0.02712
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/12/16 7:30 p.m. | 20 views

CVE-2020-26274 Command Injection Vulnerability in systeminformation

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVSS 6.4 | AI score 9 | EPSS 0.02712
Exploits: 0 | References: 3

Debian CVE
added 2020/12/16 7:30 p.m. | 9 views

CVE-2020-26274

In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...

CVSS 8.8 | AI score 5.8 | EPSS 0.02712
Exploits: 0

vulnersOsv
added 2020/12/16 7:25 p.m. | 7 views

@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +218 more potentially affected by CVE-2020-26274 via systeminformation (>=3.30.6 <=4.31.0)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-26274 Source advisory: OSV:GHSA-M57P-P67H-MQ74...

CVSS 8.8 | AI score 7.2 | EPSS 0.02712
Exploits: 0

OSV
added 2020/12/16 7:25 p.m. | 2 views

GHSA-M57P-P67H-MQ74 Command Injection Vulnerability in systeminformation

Impact: command injection vulnerability. Patches: Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.31.1. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency. For more information: If you have any...

CVSS 6.4 | AI score 5.9 | EPSS 0.02712
Exploits: 0 | References: 5

Github Security Blog
added 2020/12/16 7:25 p.m. | 46 views

Command Injection Vulnerability in systeminformation

Impact: command injection vulnerability. Patches: Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.31.1. Workarounds: If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency. For more information: If you have any...

CVSS 8.8 | AI score 8.6 | EPSS 0.02712
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2020/12/16 12:0 a.m. | 7 views

Systeminformation Operating System Command Injection Vulnerability

systeminformation is an Npm software library that can obtain information about the operating system. A vulnerability in operating system command injection existed in versions prior to systeminformation npm package version 4.31.1, which stemmed from this issue fixed in version 4.31.1, and fixed a...

CVSS 8.8 | AI score 7.3 | EPSS 0.02712
Exploits: 0 | References: 5

vulnersOsv
added 2020/12/11 5:44 p.m. | 4 views

@azteam/monitor (>=1.0.1 <=1.0.9), @best/builder (=4.0.0-beta10) +26 more potentially affected by CVE-2020-26274 via systeminformation (>=4.0.10 <=4.31.0)

systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =5.2.0, =5.2.1 and more Source cves: CVE-2020-26274 Source advisory: SNYK:JS-SYSTEMINFORMATION-1050436...

CVSS 8.8 | AI score 7.2 | EPSS 0.02712
Exploits: 0

Snyk
added 2020/12/11 5:44 p.m. | 3 views

Command Injection

Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. The sanitizeShellString function does not sanitize quotation marks, which could be leveraged by an attacker to execute arbitrary commands. PoC: const si ...

CVSS 8.8 | AI score 7.2 | EPSS 0.02712
Exploits: 0 | References: 2

OSV
added 2020/11/27 8:15 p.m. | 10 views

CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 2

OSV
added 2020/11/27 8:15 p.m. | 6 views

DEBIAN-CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 9.8 | AI score 7.3 | EPSS 0.01925
Exploits: 0 | References: 1

Prion
added 2020/11/27 8:15 p.m. | 18 views

Command injection

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 7.5 | AI score 9.1 | EPSS 0.01925
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2020/11/27 7:50 p.m. | 101 views

CVE-2020-26245

The CVE concerns the npm package systeminformation (prior to v4.30.5). A Prototype Pollution flaw can lead to Command Injection, with fixes implemented by rewriting shell sanitations to prevent pollution. Affected versions are before 4.30.5; remediation is to upgrade to v4.30.5 (or at least v4.30...

CVSS 9.8 | AI score 8.7 | EPSS 0.01925
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2020/11/27 7:50 p.m. | 6 views

CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 9.8 | AI score 5.8 | EPSS 0.01925
Exploits: 0

Cvelist
added 2020/11/27 7:50 p.m. | 28 views

CVE-2020-26245 Prototype Pollution leading to Command Injection in systeminformation

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

CVSS 8.1 | AI score 9.3 | EPSS 0.01925
Exploits: 0 | References: 2