Moderate severityNVD Advisory· Published Sep 9, 2021· Updated Aug 4, 2024
Command injection in systeminformation
CVE-2020-26300
Description
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
systeminformationnpm | < 4.26.2 | 4.26.2 |
Affected products
2- Range: < 4.26.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-fj59-f6c3-3vw4ghsax_refsource_CONFIRMADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26300ghsaADVISORY
- github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607ghsax_refsource_MISCWEB
- github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4ghsax_refsource_MISCWEB
- www.npmjs.com/package/systeminformationghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.