CVE-2020-26300

Опубликовано: 09 сент. 2021

Источник: nvd

CVSS3: 5.9

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.

Ссылки

https://github.com/advisories/GHSA-fj59-f6c3-3vw4
Patch
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
Patch
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4
Third Party Advisory
https://www.npmjs.com/package/systeminformation
Product
Third Party Advisory
https://github.com/advisories/GHSA-fj59-f6c3-3vw4
Patch
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
Patch
Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4
Third Party Advisory
https://www.npmjs.com/package/systeminformation
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*

Версия до 4.26.2 (исключая)

EPSS

Процентиль: 78%

0.01121

Низкий

5.9 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77

CWE-78

Связанные уязвимости

GHSA-fj59-f6c3-3vw4

CVSS3: 5.9

github

больше 5 лет назад

Command Injection in systeminformation

EPSS

Процентиль: 78%

0.01121

Низкий

5.9 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77

CWE-78