MEDIUM 6.4

GHSA-m57p-p67h-mq74

Command Injection Vulnerability in systeminformation

Details

### Impact command injection vulnerability

### Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.31.1

### Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency()

### For more information If you have any questions or comments about this advisory: * Open an issue in [systeminformation](https://github.com/sebhildebrandt/systeminformation/issues/new?template=bug_report.md)

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / systeminformation

Introduced in: 0 Fixed in: 4.31.1

Fix npm install systeminformation@4.31.1

References

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2020-26274 [ADVISORY]
https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99 [WEB]
https://www.npmjs.com/advisories/1590 [WEB]
https://www.npmjs.com/package/systeminformation [WEB]