systeminformation vulnerable to Command Injection. The si.services
function does not properly validate the input strings, allowing a malicious user to inject and execute malicious commands.
CPE | Name | Operator | Version |
---|---|---|---|
systeminformation | le | 4.26.1 | |
systeminformation | le | 4.26.1 |
github.com/advisories/GHSA-fj59-f6c3-3vw4
github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
github.com/sebhildebrandt/systeminformation/commit/f89a2ec63fe4dba889612a086ea243a2e7d57f58
github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4
securitylab.github.com/advisories/GHSL-2020-112-systeminformation/
www.npmjs.com/package/systeminformation