CVE-2021-21315, GHSA-2m8v-572m-ff2v
npm/systeminformation
OS Command Injection
The System Information Library for Node.
As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
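One way to apply the workaround above, as an added example that is not code from the advisory or from systeminformation: a type guard that runs before any of the listed calls and rejects arrays. `assertStringParam`, `parseQuery`, `guarded` and the `fakeServices` stub are hypothetical names; the stub stands in for `si.services()` so the block runs offline, and the query strings are constructed sample input.

```javascript
// Hypothetical guard (not part of systeminformation): accept only primitive
// strings, following the advisory's "only allow strings, reject any arrays".
function assertStringParam(name, value) {
  if (typeof value !== 'string') {
    const kind = Array.isArray(value) ? 'array' : typeof value;
    throw new TypeError(`${name} must be a string, got ${kind}`);
  }
  return value;
}

// Hypothetical helper imitating a common HTTP query-parser behaviour:
// a repeated key yields an array instead of a string.
function parseQuery(query) {
  const out = Object.create(null);
  for (const [key, val] of new URLSearchParams(query)) {
    out[key] = key in out ? [].concat(out[key], val) : val;
  }
  return out;
}

// Wrap an affected call so the type check always runs first.
// `siFn` stands in for si.services, si.inetLatency, si.inetChecksite, si.processLoad.
function guarded(siFn, paramName) {
  return (value) => siFn(assertStringParam(paramName, value));
}

// Stub in place of si.services() (assumption: the real call takes the
// service name as its first argument, as the advisory implies).
const fakeServices = (service) => `queried:${service}`;
const safeServices = guarded(fakeServices, 'service');

function demo() {
  const results = [];
  // Constructed requests: one plain string, one repeated key (becomes an array).
  for (const query of ['service=nginx', 'service=nginx&service=mysql']) {
    const { service } = parseQuery(query);
    try {
      results.push(safeServices(service));
    } catch (err) {
      results.push(`rejected: ${err.message}`);
    }
  }
  return results;
}

console.log(demo());
```

The guard only enforces the type; string content is still left to the library's own sanitation, which the advisory says works as expected for strings.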
All versions before 5.3.1
Upgrade to version 5.3.1 or above.
2021-02-23