Command Injection Affecting systeminformation package, versions <4.27.11


0.0
high
  • Exploit Maturity

    Proof of concept

  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

  • snyk-id

    SNYK-JS-SYSTEMINFORMATION-1021909

  • published

    26 Oct 2020

  • disclosed

    25 Oct 2020

  • credit

    EffectRenan

How to fix?

Upgrade systeminformation to version 4.27.11 or higher.

Overview

systeminformation is a simple system and OS information library.

Affected versions of this package are vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands.
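
One way to keep caller-supplied text from being read as extra curl parameters, shown as an added example that is not systeminformation's code or its fix: the hypothetical `buildCurlArgs` validates the value and returns an argument array for `child_process.execFile`, so no command string is concatenated. The function names, the chosen curl options and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not systeminformation's code. All names are hypothetical.
// The result is meant for child_process.execFile("curl", args), which starts
// curl without a shell; never join it into a string for exec().
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function buildCurlArgs(untrusted) {
  if (typeof untrusted !== "string" || untrusted.length === 0 || untrusted.length > 2048) {
    throw new TypeError("site must be a non-empty string of at most 2048 characters");
  }
  // Whitespace is what turns one value into several curl parameters once the
  // string is concatenated. Check before parsing: URL() silently strips tabs
  // and newlines, which would hide them.
  if (/[\s\u0000-\u001f\u007f]/.test(untrusted)) {
    throw new RangeError("site must not contain whitespace or control characters");
  }
  // A leading dash would be parsed by curl as an option, not as a URL.
  if (untrusted.startsWith("-")) {
    throw new RangeError("site must not start with '-'");
  }
  let url;
  try {
    url = new URL(untrusted);
  } catch {
    throw new RangeError("site is not an absolute URL");
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    throw new RangeError("only http and https are allowed");
  }
  if (url.username || url.password) {
    throw new RangeError("embedded credentials are not allowed");
  }
  // Fixed options first, "--" ends curl's option parsing, and the normalized
  // URL is passed as exactly one argument.
  return ["--silent", "--head", "--max-time", "5", "--proto", "=http,https", "--", url.href];
}

// Wrapper that reports the decision instead of throwing.
function checkInput(untrusted) {
  try {
    return { ok: true, args: buildCurlArgs(untrusted) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs, not taken from the advisory.
for (const s of ["https://example.com", "https://example.com --hypothetical-option value", "ftp://example.com/"]) {
  console.log(JSON.stringify(s), "->", JSON.stringify(checkInput(s)));
}
```

This input handling complements the upgrade to 4.27.11 or higher for code that wraps curl itself; it does not replace the upgrade.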