Skip to content

Prototype Pollution in systeminformation

Moderate severity GitHub Reviewed Published Nov 27, 2020 in sebhildebrandt/systeminformation • Updated Jan 9, 2023

Package

npm systeminformation (npm)

Affected versions

< 4.30.5

Patched versions

4.30.5

Description

Impact

command injection vulnerability by prototype pollution

Patches

Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version >= 4.30.2

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite()

For more information

If you have any questions or comments about this advisory:

References

Reviewed Nov 27, 2020
Published to the GitHub Advisory Database Nov 27, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

0.183%
(56th percentile)

CVE ID

CVE-2020-26245

GHSA ID

GHSA-4v2w-h9jm-mqjg

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.