Количество 3
Количество 3
CVE-2021-21388
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
GHSA-jff2-qjw8-5476
Command Injection Vulnerability in systeminformation
BDU:2021-05431
Уязвимость библиотеки systeminformation программной платформы Node.js, позволяющая нарушителю выполнить произвольный код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-21388 systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected. | CVSS3: 8.9 | 1% Низкий | около 4 лет назад |
| GHSA-jff2-qjw8-5476 Command Injection Vulnerability in systeminformation | CVSS3: 8.9 | 1% Низкий | около 4 лет назад |
 | BDU:2021-05431 Уязвимость библиотеки systeminformation программной платформы Node.js, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 1% Низкий | больше 4 лет назад |
Уязвимостей на страницу