CVE-2022-40159

DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...

Node.js third-party modules: [systeminformation] Command Injection via insecure command formatting

I would like to report a Command Injection vulnerability in the systeminformation package. It allows an attacker to inject arbitrary OS commands. Module Module name: systeminformation Version: 4.26.10 npm page: https://www.npmjs.com/package/systeminformation Module Description System and OS...