Systeminformation
By the Year
In 2024 there have been 0 vulnerabilities in Systeminformation . Last year Systeminformation had 1 security vulnerability published. Right now, Systeminformation is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 0 | 0.00 |
| 2021 | 3 | 9.13 |
| 2020 | 4 | 8.68 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Systeminformation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Systeminformation Security Vulnerabilities
systeminformation is a System Information Library for Node.JS
CVE-2023-42810
9.8 - Critical
- September 21, 2023
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
Command Injection
systeminformation is an npm package that provides system and OS information library for node.js
CVE-2020-26300
9.8 - Critical
- September 09, 2021
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.
Shell injection
systeminformation is an open source system and OS information library for node.js
CVE-2021-21388
9.8 - Critical
- April 29, 2021
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
Shell injection
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware
CVE-2021-21315
7.8 - High
- February 16, 2021
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
Shell injection
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability
CVE-2020-26274
8.8 - High
- December 16, 2020
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.
Shell injection
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection
CVE-2020-26245
9.8 - Critical
- November 27, 2020
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().
Shell injection
This affects the package systeminformation before 4.30.2
CVE-2020-7778
7.3 - High
- November 26, 2020
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
Shell injection
This affects the package systeminformation before 4.27.11
CVE-2020-7752
8.8 - High
- October 26, 2020
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Systeminformation or by Systeminformation? Click the Watch button to subscribe.
