Количество 2
Количество 2
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
GHSA-wphj-fx3q-84ch
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-68154 systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch. | CVSS3: 8.1 | 0% Низкий | около 2 месяцев назад |
| GHSA-wphj-fx3q-84ch systeminformation has a Command Injection vulnerability in fsSize() function on Windows | CVSS3: 8.1 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу