Lucene search

Veracode Vulnerability DatabaseVERACODE:29414

HistoryFeb 17, 2021 - 3:15 a.m.

OS Command Injection

2021-02-1703:15:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.973 High

EPSS

Percentile

99.9%

JSON

systeminformation is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() etc.

CPENameOperatorVersion
systeminformationle5.3.0

CPE	Name	Operator	Version
	systeminformation	le	5.3.0

References

github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525

github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v

lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E

security.netapp.com/advisory/ntap-20210312-0007/

www.npmjs.com/advisories/1626

www.npmjs.com/package/systeminformation

0.973 High

EPSS

Percentile

99.9%

JSON

Related for VERACODE:29414