Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution leading to Command Injection in systeminformation
Vulnerability Description
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
systeminformation 操作系统命令注入漏洞
Vulnerability Description
systeminformation是一个可以获得操作系统信息的 Npm 软件库。 npm package systeminformation 4.30.5 之前版本存在操作系统命令注入漏洞,该漏洞源于npm包系统信息很容易受到原型污染而导致命令注入。这个问题通过重写shell sanitations来解决,以避免原型机污染问题。
CVSS Information
N/A
Vulnerability Type
N/A