CVE-2021-21388
OS Command Injection in npm/systeminformation
Identifiers
CVE-2021-21388, GHSA-jff2-qjw8-5476
Package Slug
npm/systeminformation
Vulnerability
OS Command Injection
Description
systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
Affected Versions
All versions before 5.6.4
Solution
Upgrade to version 5.6.4 or above.
Last Modified
2021-05-06
| source |