systeminformation
npm9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting systeminformationpage 1 of 1
- CVE-2020-26245HIGHCVSS 8.1EG 8.1✓ Fixed in 4.30.52020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in ve…
- CVE-2020-26274MEDIUMCVSS 6.4EG 6.4✓ Fixed in 4.31.12020-12-16
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.
- CVE-2020-26300MEDIUMCVSS 5.9EG 5.9✓ Fixed in 4.26.22021-09-09
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string…
- CVE-2020-7752HIGHCVSS 8.8EG 8.8✓ Fixed in 4.27.112020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
- CVE-2020-7778HIGHCVSS 7.3EG 7.3✓ Fixed in 4.30.22020-11-26
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
- CVE-2021-21315HIGHCVSS 7.1EG 9.0⚠ KEV✓ Fixed in 5.3.12021-02-16
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command i…
- CVE-2021-21388HIGHCVSS 8.9EG 8.9✓ Fixed in 5.6.42021-04-29
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on us…
- CVE-2023-42810CRITICALCVSS 9.8EG 9.8✓ Fixed in 5.21.72023-09-21
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize pa…
- CVE-2024-56334HIGHCVSS 7.8EG 7.8✓ Fixed in 5.23.72024-12-20
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious conte…
Check whether systeminformation is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for systeminformation CVEs against the assets you own.
Start Free Scan →