CVE-2021-21315
HIGH | CISA KEV | 7.1
Description
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, check or sanitize the service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ...: allow only strings and reject any arrays. String sanitation works as expected.
CVE Details
CVSS v3.1 Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 2/16/2021
Last Modified: 10/24/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Npm package
Product: System Information Library for Node.JS
Vulnerability Name: System Information Library for Node.JS Command Injection
KEV Date Added: 2022-01-18
Remediation Due Date: 2022-02-01
Ransomware Use: Unknown
Affected Products
apache:cordova
systeminformation:systeminformation
Weaknesses (CWE)
CWE-78
References
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525 (security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v (security-advisories@github.com)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E (security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20210312-0007/ (security-advisories@github.com)
https://www.npmjs.com/package/systeminformation (security-advisories@github.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.