← Zuruck zu CVEs
CVE-2021-21315
HIGHCISA KEV7.1
Beschreibung
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
CVE Details
CVSS v3.1 Bewertung7.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/16/2021
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerNpm package
ProduktSystem Information Library for Node.JS
SchwachstellennameSystem Information Library for Node.JS Command Injection
KEV Aufnahmedatum2022-01-18
Behebungsfrist2022-02-01
Ransomware-NutzungUnknown
Betroffene Produkte
apache:cordovasysteminformation:systeminformation
Schwachen (CWE)
CWE-78CWE-78
Referenzen
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525(security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v(security-advisories@github.com)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E(security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20210312-0007/(security-advisories@github.com)
https://www.npmjs.com/package/systeminformation(security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210312-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://www.npmjs.com/package/systeminformation(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.