Command injection in systeminformation
CVE-2020-26300

5.9MEDIUM

Key Information:

Vendor: Sebhildebrandt
Status: Systeminformation
Vendor: CVE Published:; 9 September 2021

🔔 Create Sebhildebrandt Vulnerability Alert

What is CVE-2020-26300?

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.

Affected Version(s)

systeminformation < 4.26.2

References

https://www.npmjs.com/package/systeminformation

x_refsource_MISC

https://github.com/advisories/GHSA-fj59-f6c3-3vw4

x_refsource_CONFIRM

https://github.com/sebhildebrandt/systeminformation/secur...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2021
Vulnerability Reserved
Oct 1, 2020

CVE-2020-26300 Data

.