10 matches found
CVE-2021-21315
CVE-2021-21315 affects the npm package System Information (systeminformation) prior to version 5.3.1. The vulnerability is a command injection in functions that process service/latency queries (e.g., si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad()) which can be exploited via...
CVE-2020-26245
The CVE concerns the npm package systeminformation (prior to v4.30.5). A Prototype Pollution flaw can lead to Command Injection; the fix rewrites the shell sanitization to prevent pollution. Affected versions are before 4.30.5; remediation is to upgrade to v4.30.5 (or at least v4.30...
CVE-2021-21388
CVE-2021-21388 affects the systeminformation Node.js package (pre-5.6.4). It describes a command-injection flaw in how service parameters are handled (si.inetLatency, si.inetChecksite, si.services, si.processLoad, etc.). The root cause is insufficient validation of input parameters; upgrading to ...
CVE-2020-7778
CVE-2020-7778 affects systeminformation prior to 4.30.2. It is a prototype pollution vulnerability where an attacker can overwrite object properties (e.g., __proto__) to cause code execution, potentially enabling OS commands. Affected versions: systeminformation
CVE-2020-26300
CVE-2020-26300 affects the systeminformation npm package. The vulnerability is a command injection flaw in systeminformation prior to version 4.26.2, arising from unsafely handled shell input. A shell-string sanitization fix was applied in 4.26.2, addressing the issue. Public advisories and securit...
CVE-2020-26274
The CVE-2020-26274 vulnerability affects the systeminformation npm package, specifically versions before 4.31.1, where a command injection flaw exists in how shell strings are handled. The root cause is improper sanitization of a crafted shell string, enabling arbitrary command execution on the h...
CVE-2020-7752
The CVE-2020-7752 entry covers the npm package systeminformation prior to 4.27.11, where untrusted curl arguments passed to the inetChecksite path enable command injection and arbitrary OS command execution. Impact is described as high in multiple sources; remediation is to upgrade to version 4.2...
CVE-2025-68154
The CVE-2025-68154 issue affects the systeminformation library for Node.js, where fsSize() on Windows unsafely concatenates the drive parameter into a PowerShell command, enabling OS command injection. The vulnerability is documented as high severity (CVSS 8.1) with potential for arbitrary comman...
CVE-2026-26280
CVE-2026-26280 affects the systeminformation library for Node.js. In versions prior to 5.30.8, wifiNetworks() is vulnerable to command injection: if the initial interface input yields no results, a retry path calls getWifiNetworkListIw(iface) with the original, unsanitized iface value, which is p...
CVE-2026-26318
The CVE-2026-26318 issue affects the systeminformation package for Node.js: versions prior to 5.31.0 are vulnerable to local command injection via unsanitized output from the locate command in versions(). Version 5.31.0 fixes the issue. Root has patched the vulnerability in @rootio/systeminformat...