Systeminformation

Systeminformation

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-26318

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 19:48:55
  • Zuletzt bearbeitet 20.02.2026 19:51:20

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.

7.8

CVE-2026-26280

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 19:43:05
  • Zuletzt bearbeitet 20.02.2026 20:10:59

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network inter...

8.1

CVE-2025-68154

Exploit
  • EPSS 0.06%
  • Veröffentlicht 16.12.2025 18:18:03
  • Zuletzt bearbeitet 19.02.2026 16:26:21

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly conc...

9.8

CVE-2023-42810

  • EPSS 2.06%
  • Veröffentlicht 21.09.2023 18:15:12
  • Zuletzt bearbeitet 21.11.2024 08:23:15

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter str...

9.8

CVE-2020-26300

  • EPSS 1.12%
  • Veröffentlicht 09.09.2021 01:15:06
  • Zuletzt bearbeitet 21.11.2024 05:19:48

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation...

9.8

CVE-2021-21388

  • EPSS 0.62%
  • Veröffentlicht 29.04.2021 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:48:15

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. P...

7.8

CVE-2021-21315

Warnung
  • EPSS 93.93%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 24.10.2025 14:47:57

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vu...

8.8

CVE-2020-26274

  • EPSS 1.39%
  • Veröffentlicht 16.12.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:19:43

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.

9.8

CVE-2020-26245

  • EPSS 1.13%
  • Veröffentlicht 27.11.2020 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:19:38

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30....

7.5

CVE-2020-7778

Exploit
  • EPSS 1.1%
  • Veröffentlicht 26.11.2020 11:15:10
  • Zuletzt bearbeitet 21.11.2024 05:37:47

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.