Skip to content

Command Injection Vulnerability

Moderate
sebhildebrandt published GHSA-m57p-p67h-mq74 Dec 12, 2020

Package

npm systeminformation (npm)

Affected versions

< 4.31.1

Patched versions

4.31.1

Description

Impact

command injection vulnerability

Patches

Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.31.1

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency()

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2020-26274

Weaknesses

No CWEs