CVE-2020-26300

Command Injection in npm/systeminformation

Identifiers

CVE-2020-26300, GHSA-fj59-f6c3-3vw4

Package Slug

npm/systeminformation

Vulnerability

Command Injection

Description

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation there is a command injection vulnerability. Problem was fixed with a shell string sanitation fix.

Affected Versions

All versions before 4.26.2

Solution

Upgrade to version 4.26.2 or above.

Last Modified

2021-09-16

source