5.23.9
9 years ago
5 hours ago
Known vulnerabilities in the systeminformation package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Improper Input Validation. The function versions doesn't check the input of the user, which is expected a string.
How to fix Improper Input Validation? Upgrade | <5.6.11 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Arbitrary Command Injection. Service parameters passed to How to fix Arbitrary Command Injection? Upgrade | <5.6.4 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? Upgrade | <5.3.4 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. It is possible to send an array instead of string, which bypasses the sanitizer. How to fix Command Injection? Upgrade | <4.34.11>=5.0.0 <5.3.1 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Denial of Service (DoS). By leveraging the How to fix Denial of Service (DoS)? Upgrade | <4.34.10 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. The PoC
How to fix Command Injection? Upgrade | <4.31.1 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Prototype Pollution via improper shell sanitations in Note: This is due to an incomplete fix in CVE-2020-7778. How to fix Prototype Pollution? Upgrade | <4.30.5 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Prototype Pollution. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Note: The fix for this vulnerability is insufficient, see CVE-2020-26245. How to fix Prototype Pollution? Upgrade | <4.30.2 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via How to fix Command Injection? Upgrade | <4.26.2 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands. How to fix Command Injection? Upgrade | <4.27.11 |