← Volver a CVEs
CVE-2021-21315
HIGHCISA KEV7.1
Descripcion
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
Detalles CVE
Puntuacion CVSS v3.17.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/16/2021
Ultima modificacion10/24/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorNpm package
ProductoSystem Information Library for Node.JS
Nombre vulnerabilidadSystem Information Library for Node.JS Command Injection
Fecha inclusion KEV2022-01-18
Fecha limite remediacion2022-02-01
Uso en ransomwareUnknown
Productos afectados
apache:cordovasysteminformation:systeminformation
Debilidades (CWE)
CWE-78CWE-78
Referencias
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525(security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v(security-advisories@github.com)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E(security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20210312-0007/(security-advisories@github.com)
https://www.npmjs.com/package/systeminformation(security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210312-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://www.npmjs.com/package/systeminformation(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.