HIGH 8.8
GHSA-94xh-2fmc-xf5j
systeminformation command injection vulnerability
Details
### Impact
Command injection vulnerability.
### Patches
The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.27.11.
### Workarounds
If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to `si.inetChecksite()`.
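One way to apply this workaround, as an added example that is not the project's own code or its fix: an allowlist check that runs before a string reaches `si.inetChecksite()`. The function names, the character set and the length limit are assumptions; the check is deliberately strict and rejects query strings.

```javascript
// Added example: allowlist check for strings headed to si.inetChecksite().
// The character set and length limit are assumptions, not the project's fix.
const MAX_LEN = 2048;
// Only characters a plain http(s) URL with host, port and path needs.
// Whitespace, quotes and ; & | $ ` ( ) < > \ are all outside this set.
const SAFE_CHARS = /^[A-Za-z0-9._~:\/%-]+$/;

function validateSiteUrl(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > MAX_LEN) {
    return { ok: false, reason: 'not a non-empty string within the length limit' };
  }
  if (!SAFE_CHARS.test(input)) {
    return { ok: false, reason: 'contains characters outside the allowlist' };
  }
  let parsed;
  try {
    parsed = new URL(input); // must be an absolute URL
  } catch (e) {
    return { ok: false, reason: 'not a parseable absolute URL' };
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return { ok: false, reason: 'scheme is not http or https' };
  }
  // Return the original string: every character in it passed the allowlist.
  return { ok: true, url: input };
}

// `si` is the systeminformation module, passed in by the caller so that
// every call to inetChecksite() goes through the check above.
async function checkSiteSafely(si, input) {
  const verdict = validateSiteUrl(input);
  if (!verdict.ok) {
    throw new Error('refusing to call inetChecksite: ' + verdict.reason);
  }
  return si.inetChecksite(verdict.url);
}

// Constructed sample inputs, for illustration only.
const samples = [
  'https://example.com/status',
  'https://example.com:8443/a%20b',
  'https://example.com/$(id)',
  'ftp://example.com/',
  'example.com',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', validateSiteUrl(s).ok ? 'accepted' : 'rejected');
}
```

Upgrading to the fixed version remains the actual remedy; a caller-side check like this only narrows what reaches the library.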
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [systeminformation](https://github.com/sebhildebrandt/systeminformation/issues/new?template=bug_report.md)
Affected packages
npm / systeminformation
Introduced in: 0
Fixed in: 4.27.11
Fix: `npm install systeminformation@4.27.11`
References
- https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-94xh-2fmc-xf5j [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2020-7752 [ADVISORY]
- https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61 [WEB]
- https://github.com/sebhildebrandt/systeminformation [PACKAGE]
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js [WEB]
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909 [WEB]
- https://www.npmjs.com/package/systeminformation [WEB]