189 matches found
@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +217 more potentially affected by CVE-2020-26245 via systeminformation (>=3.30.6 <=4.30.11)
systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-26245 Source advisory: OSV:GHSA-4V2W-H9JM-MQJG...
Prototype Pollution in systeminformation
Impact command injection vulnerability by prototype pollution Patches Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version = 4.30.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are...
GHSA-4V2W-H9JM-MQJG Prototype Pollution in systeminformation
Impact command injection vulnerability by prototype pollution Patches Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version = 4.30.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are...
Systeminformation Operating System Command Injection Vulnerability
systeminformation is an Npm software library that can obtain operating system information. An operating system command injection vulnerability exists in versions prior to npm package systeminformation 4.30.5, which stems from the fact that npm package systeminformation is susceptible to prototype...
CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...
DEBIAN-CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...
CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...
CVE-2020-7778
CVE-2020-7778 affects systeminformation prior to 4.30.2. It is a prototype pollution vulnerability where an attacker can overwrite object properties (e.g., proto ) to cause code execution, potentially enabling OS commands. Affected versions: systeminformation
CVE-2020-7778 Prototype Pollution
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...
CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...
Systeminformation Operating System Command Injection Vulnerability
systeminformation is an Npm software library for individual developers individual developers to obtain operating system information. A security vulnerability exists in systeminformation version 4.30.2, which can be exploited by an attacker to override properties and functions of an object, leadin...
@azteam/monitor (>=1.0.1 <=1.0.9), @best/builder (=4.0.0-beta10) +24 more potentially affected by CVE-2020-26245 +1 more via systeminformation (>=4.0.10 <=4.30.11)
systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =1.2.3 - @hnordt/sysinfo =0.1.1 and more Source cves: CVE-2020-26245, CVE-2020-7778 Source advisory: SNYK:JS-SYSTEMINFORMATION-1043753...
Prototype Pollution
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Prototype Pollution. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Note: The fix for this vulnerability is...
OS Command Injection
systeminformation is vulnerable to OS command injection. The inetChecksite, services, inetChecksite, inetLatency, networkStats, services and processLoad functions allow an attacker to inject and execute arbitrary OS commands due to insufficient sanitization...
@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +205 more potentially affected by CVE-2020-26300 via systeminformation (>=3.30.6 <=4.26.12)
systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =0.0.3, =1.0.0, =1.1.0, =5.0.0, =1.0.0, =1.0.0-beta.7, =0.1.0, =0.1.0, =0.5.0-unstable-20220415132826 and more Source cves: CVE-2020-26300 Source advisory: OSV:GHSA-FJ59-F6C3-3VW4...
@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +206 more potentially affected by CVE-2020-7752 via systeminformation (>=3.30.6 <=4.26.9)
systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =0.0.3, =1.0.0, =1.1.0, =5.0.0, =1.0.0, =1.0.0-beta.7, =0.1.0, =0.4.0-unstable-20200922091941 and more Source cves: CVE-2020-7752 Source advisory: OSV:GHSA-94XH-2FMC-XF5J...
GHSA-94XH-2FMC-XF5J systeminformation command injection vulnerability
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...
OS Command Injection
systeminformation is vulnerable to OS command injection. The inetChecksite function allows an attacker to inject and execute arbitrary OS commands via curl parameters...
Systeminformation Command Injection Vulnerability
systeminformation is an Npm repository of operating system information for individual developers. A command injection vulnerability exists in systeminformation versions prior to 4.27.11, which allows an attacker to concatenate curl arguments to overwrite a Javascript file and then execute all OS...
CVE-2020-7752
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...