Vulnerability	Vulnerable Version
H Command Injection systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the `wifiNetworks()` function. Although the `iface` parameter is sanitized, it is passed unsanitized to `execSync()` when a timeout triggers a retry. An attacker can execute arbitrary operating system commands by supplying crafted input to the `iface` parameter. How to fix Command Injection? Upgrade `systeminformation` to version 5.30.8 or higher.	<5.30.8
H Command Injection systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the `versions()` function, which executes a `locate` command to find a PostgreSQL installation on Linux. An attacker who can write files to the target filesystem can execute arbitrary commands with the privileges of the running process by planting a file whose name contains shell metacharacters. The attacker must have sufficient permissions to write files in directories indexed by `updatedb`. How to fix Command Injection? Upgrade `systeminformation` to version 5.31.0 or higher.	<5.31.0

Command Injection

systeminformation is a simple system and OS information library.

Affected versions of this package are vulnerable to Command Injection via the wifiNetworks() function. Although the iface parameter is sanitized, it is passed unsanitized to execSync() when a timeout triggers a retry. An attacker can execute arbitrary operating system commands by supplying crafted input to the iface parameter.

How to fix Command Injection?

Upgrade systeminformation to version 5.30.8 or higher.

<5.30.8

Command Injection

systeminformation is a simple system and OS information library.

Affected versions of this package are vulnerable to Command Injection via the versions() function, which executes a locate command to find a PostgreSQL installation on Linux. An attacker who can write files to the target filesystem can execute arbitrary commands with the privileges of the running process by planting a file whose name contains shell metacharacters. The attacker must have sufficient permissions to write files in directories indexed by updatedb.

How to fix Command Injection?

Upgrade systeminformation to version 5.31.0 or higher.

<5.31.0

Go back to all versions of this package