Vulnerability Information
Vulnerability Title
Command Injection Vulnerability in systeminformation
Vulnerability Description
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
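The "only allow strings, reject any arrays" workaround described above can be enforced with a small type guard in front of the library calls. This is an added example, not code from the systeminformation project; `requireString`, `guardStringArgs` and the stand-in for `si.inetLatency` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example, not code from the systeminformation project.
// requireString, guardStringArgs and the stand-in function are hypothetical names.

// Accept only primitive strings; arrays, objects, numbers and String objects are rejected.
function requireString(value, label) {
  if (typeof value !== 'string') {
    const kind = Array.isArray(value) ? 'array' : value === null ? 'null' : typeof value;
    throw new TypeError(`${label} must be a string, got ${kind}`);
  }
  return value;
}

// Wrap a function so each argument (other than a trailing callback) is
// type-checked before the wrapped function sees it.
function guardStringArgs(fn, name) {
  return (...args) => {
    args.forEach((arg, i) => {
      const isTrailingCallback = i === args.length - 1 && typeof arg === 'function';
      if (!isTrailingCallback) requireString(arg, `${name} argument ${i + 1}`);
    });
    return fn(...args);
  };
}

// Stand-in for si.inetLatency so the example runs without the library installed.
// In an application: const safeInetLatency = guardStringArgs(si.inetLatency, 'inetLatency');
const calls = [];
const safeInetLatency = guardStringArgs((host) => { calls.push(host); return 0; }, 'inetLatency');

// Constructed sample inputs, shaped like values a request parser might hand to the application.
const samples = ['example.org', ['example.org'], { host: 'example.org' }, 42];

function runSamples() {
  return samples.map((input) => {
    try {
      safeInetLatency(input);
      return 'passed';
    } catch (err) {
      return err.message;
    }
  });
}

console.log(runSamples());
```

The guard enforces only the type rule from the advisory; upgrading to version >= 5.6.4 remains the fix.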
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
Vulnerability Type
Improper Input Validation
Vulnerability Title
systeminformation OS Command Injection Vulnerability
Vulnerability Description
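systeminformation is an npm software library for obtaining operating system information. systeminformation contains an OS command injection vulnerability, which stems from a command injection vulnerability having been discovered in systeminformation.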
CVSS Information
N/A
Vulnerability Type
N/A