Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`
Vulnerability Description
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
systeminformation 操作系统命令注入漏洞
Vulnerability Description
systeminformation是Sebastian Hildebrandt个人开发者的一个可以获得操作系统信息的 Npm 软件库。 systeminformation 5.31.0之前版本存在操作系统命令注入漏洞,该漏洞源于versions函数中未清理的locate输出,可能导致命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A