CVE-2020-26274

Опубликовано: 16 дек. 2020

Источник: nvd

CVSS3: 6.4

CVSS3: 8.8

CVSS2: 7.5

EPSS Низкий

Описание

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.

Ссылки

https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
Patch
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74
Third Party Advisory
https://www.npmjs.com/package/systeminformation
Product
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
Patch
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74
Third Party Advisory
https://www.npmjs.com/package/systeminformation
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*

Версия до 4.31.1 (исключая)

EPSS

Процентиль: 80%

0.01389

Низкий

6.4 Medium

CVSS3

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-m57p-p67h-mq74

CVSS3: 6.4

github

около 5 лет назад

Command Injection Vulnerability in systeminformation

EPSS

Процентиль: 80%

0.01389

Низкий

6.4 Medium

CVSS3

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78