npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:LSysteminformation
APPSysteminformation< 4.30.5
Related vulnerabilities
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Comma...
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of f...
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable ...
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command i...
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSiz...