npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-11-27T19:50:04
Updated: 2024-08-04T15:56:03.692Z
Reserved: 2020-10-01T00:00:00
Link: CVE-2020-26245
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-11-27T20:15:10.963
Modified: 2024-11-21T05:19:38.313
Link: CVE-2020-26245
Redhat
No data.