HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-21315

CVSS 7.1v3.1pub. 2021-02-16upd. 2025-10-24

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
  • Apache Cordova

    APP
    Apache
    10.0.0
  • Systeminformation

    APP
    Systeminformation
    < 5.3.1

CISA KEV — detailsi

Vendori
Npm package
Producti
System Information Library for Node.JS
Added to KEVi
January 18, 2022
Remediation deadline (US Federal)i
February 1, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 1 lutego 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-42810CRITICAL9.8ten sam produkt

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Comma...

CVE-2014-0073CRITICAL9.8ten sam produkt

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrow...

CVE-2026-26318HIGH8.8ten sam produkt

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable ...

CVE-2026-26280HIGH8.4ten sam produkt

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command i...

CVE-2025-68154HIGH8.1ten sam produkt

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSiz...