5.23.13
9 years ago
1 days ago
Known vulnerabilities in the systeminformation package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Arbitrary Command Injection via the How to fix Arbitrary Command Injection? Upgrade | >=5.0.0 <5.21.7 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Improper Input Validation. The function versions doesn't check the input of the user, which is expected a string.
How to fix Improper Input Validation? Upgrade | <5.6.11 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Arbitrary Command Injection. Service parameters passed to How to fix Arbitrary Command Injection? Upgrade | <5.6.4 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? Upgrade | <5.3.4 |
systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. It is possible to send an array instead of string, which bypasses the sanitizer. How to fix Command Injection? Upgrade | <4.34.11>=5.0.0 <5.3.1 |