In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.
References
Link | Resource |
---|---|
https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99 | Patch Third Party Advisory |
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74 | Third Party Advisory |
https://www.npmjs.com/package/systeminformation | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-12-16T19:30:18
Updated: 2020-12-16T19:30:18
Reserved: 2020-10-01T00:00:00
Link: CVE-2020-26274
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-16T20:15:14.093
Modified: 2020-12-18T14:04:33.960
Link: CVE-2020-26274
JSON object: View
Redhat Information
No data.
CWE