Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOHYtNTcybS1mZjJ2

Command Injection Vulnerability

Impact

command injection vulnerability

Patches

Problem was fixed with a parameter check. Please upgrade to version >= 5.3.1

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.

Permalink: https://github.com/advisories/GHSA-2m8v-572m-ff2v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOHYtNTcybS1mZjJ2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: 10 months ago

Identifiers: GHSA-2m8v-572m-ff2v, CVE-2021-21315
References:

Affected Packages

npm:systeminformation

Versions: < 5.3.1
Fixed in: 5.3.1