CVE-2021-21388: OS Command Injection

April 29, 2021 (updated May 5, 2021)

systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.

References

nvd.nist.gov/vuln/detail/CVE-2021-21388

Detect and mitigate CVE-2021-21388 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →