Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection
Vulnerability Description
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
systeminformation 命令注入漏洞
Vulnerability Description
systeminformation是个人开发者个人开发者的一个可以获得操作系统信息的 Npm 软件库。 systeminformation 4.27.11 之前版本存在命令注入漏洞,该漏洞允许攻击者可以串联curl的参数来覆盖Javascript文件,然后执行所有OS命令。
CVSS Information
N/A
Vulnerability Type
N/A