Description
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.
References (4)
Core 4
Core References
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/systeminformation
Patch, Third Party Advisory x_refsource_confirm
https://github.com/advisories/GHSA-fj59-f6c3-3vw4
Third Party Advisory x_refsource_misc
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4
Patch, Third Party Advisory x_refsource_misc
https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
Scores
CVSS v3
5.9
EPSS
0.0152
EPSS Percentile
81.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-78
CWE-77
Status
published
Products (2)
npm/systeminformation
0 - 4.26.2npm
systeminformation/systeminformation
< 4.26.2
Published
Sep 09, 2021
Tracked Since
Feb 18, 2026