CVE-2021-21388, GHSA-jff2-qjw8-5476
npm/systeminformation
OS Command Injection
systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
All versions before 5.6.4
Upgrade to version 5.6.4 or above.
2021-05-06
source |