Vulnerability	Vulnerable Version
C Arbitrary Command Injection systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Arbitrary Command Injection via the `wifiConnections()` and `wifiNetworks()` functions. An attacker can inject malicious commands by crafting detected SSIDs. How to fix Arbitrary Command Injection? Upgrade `systeminformation` to version 5.21.7 or higher.	>=5.0.0 <5.21.7
L Improper Input Validation systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Improper Input Validation. The function versions doesn't check the input of the user, which is expected a string. `const si = require('systeminformation'); si.versions({toString : () => { console.log("This is a PoC") }});` How to fix Improper Input Validation? Upgrade `systeminformation` to version 5.6.11 or higher.	<5.6.11
M Arbitrary Command Injection systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Arbitrary Command Injection. Service parameters passed to `si.inetLatency()`, `si.inetChecksite()`, `si.services()`, and `si.processLoad()` are not sanitized properly. How to fix Arbitrary Command Injection? Upgrade `systeminformation` to version 5.6.4 or higher.	<5.6.4

Go back to all versions of this package