CVE-2021-21315: OS Command Injection
The System Information Library for Node.

As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() … only allow strings and reject any arrays. String sanitation works as expected.
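One way to apply the workaround above, as an added example that is not code from the advisory or from the systeminformation project: a wrapper that rejects any non-string parameter before it reaches the four listed functions. The `si` object here is a constructed stub, `guardStringParams`, `requireString` and `queryParam` are hypothetical names, and the example assumes the parameter is always passed explicitly as the first argument.

```javascript
// Added example: `si` below is a constructed stand-in, not the real module.
const GUARDED = ['inetLatency', 'inetChecksite', 'services', 'processLoad'];

// Accept only primitive strings; arrays, String objects and undefined are rejected.
function requireString(value, fnName) {
  if (typeof value !== 'string') {
    const kind = Array.isArray(value) ? 'array' : typeof value;
    throw new TypeError(`${fnName}(): expected a string parameter, got ${kind}`);
  }
  return value;
}

// Return a copy of `api` whose listed functions validate their first argument
// before delegating (assumption: the parameter is always the first argument).
function guardStringParams(api, names = GUARDED) {
  const wrapped = { ...api };
  for (const name of names) {
    if (typeof api[name] !== 'function') continue;
    wrapped[name] = (param, ...rest) => api[name](requireString(param, name), ...rest);
  }
  return wrapped;
}

// Hypothetical helper mimicking query parsers that turn repeated keys into arrays.
function queryParam(query, key) {
  const values = new URLSearchParams(query).getAll(key);
  return values.length > 1 ? values : values[0];
}

// Constructed stub that records which parameters would reach the library.
function makeStubSi() {
  const calls = [];
  const stub = { calls };
  for (const name of GUARDED) stub[name] = (p) => { calls.push([name, p]); };
  return stub;
}

// Feed one string-valued and one array-valued request parameter through the guard.
function demo() {
  const stub = makeStubSi();
  const si = guardStringParams(stub);
  const results = [];
  for (const query of ['name=nginx', 'name=nginx&name=sshd']) { // constructed input
    try { si.services(queryParam(query, 'name')); results.push('passed'); }
    catch (err) { results.push(err.message); }
  }
  return { results, calls: stub.calls };
}

console.log(demo());
```

With the real module, the same wrapper would be applied once at import time, for example `const si = guardStringParams(require('systeminformation'))`.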