High severity7.8OSV Advisory· Published Dec 20, 2024· Updated Jun 17, 2026
CVE-2024-56334
CVE-2024-56334
Description
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
systeminformationnpm | < 5.23.7 | 5.23.7 |
Affected products
2- Range: v3.42.5, v3.42.6, v3.42.7, …
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.