systeminformation is an open source system and OS information library for Node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings and reject any arrays. String sanitization works as expected.
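For installations that cannot upgrade, the "only allow strings, reject any arrays" check can be applied in front of the library. This is an added example, not systeminformation's own code: `guardStringParam`, `guardMethods` and `isAccepted` are hypothetical helper names, and `stubSi` is a constructed stand-in for the real module so the block runs offline.

```javascript
// Added example, not systeminformation's code; helper names are hypothetical.

// Accept only primitive strings. A web framework's query or body parser can
// deliver an array or object where the application expects a string.
function guardStringParam(value, name) {
  if (typeof value !== 'string') {
    const kind = Array.isArray(value) ? 'array' : typeof value;
    throw new TypeError(`${name}: expected string, got ${kind}`);
  }
  return value;
}

// Return a facade exposing only the listed methods; each one checks its
// first argument before delegating to the wrapped object.
function guardMethods(target, methods) {
  const guarded = {};
  for (const m of methods) {
    guarded[m] = (param, ...rest) =>
      target[m](guardStringParam(param, `${m}()`), ...rest);
  }
  return guarded;
}

// The four functions the advisory names.
const GUARDED = ['inetLatency', 'inetChecksite', 'services', 'processLoad'];

// Constructed stand-in so the example runs offline; in an application,
// pass the object returned by require('systeminformation') instead.
const stubSi = Object.fromEntries(
  GUARDED.map((m) => [m, (p) => Promise.resolve(`${m} called with ${p}`)])
);
const si = guardMethods(stubSi, GUARDED);

// Report whether a call was let through to the wrapped function.
function isAccepted(method, param) {
  try {
    si[method](param);
    return true;
  } catch (err) {
    if (err instanceof TypeError) return false;
    throw err;
  }
}

console.log(isAccepted('inetLatency', 'example.com'));   // string parameter
console.log(isAccepted('inetLatency', ['example.com'])); // array parameter
```

The guard runs before any sanitization, so a non-string value never reaches the library call.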
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-04-29T17:20:20

Updated: 2024-08-03T18:09:16.086Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21388

Vulnrichment

No data.

NVD

Status: Modified

Published: 2021-04-29T18:15:09.540

Modified: 2024-11-21T05:48:15.357

Link: CVE-2021-21388

Redhat

No data.