CVE-2021-21315
HIGH | CISA KEV | 7.1
Description
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ...: only allow strings and reject any arrays. String sanitation works as expected.
CVE Details
CVSS v3.1 score: 7.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/16/2021
Last modified: 10/24/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: Npm package
Product: System Information Library for Node.JS
Vulnerability name: System Information Library for Node.JS Command Injection
KEV date added: 2022-01-18
Remediation due date: 2022-02-01
Used in ransomware: Unknown
Affected products
apache:cordova
systeminformation:systeminformation
Weaknesses (CWE)
CWE-78
References
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525 (security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v (security-advisories@github.com)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E (security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20210312-0007/ (security-advisories@github.com)
https://www.npmjs.com/package/systeminformation (security-advisories@github.com)
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210312-0007/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.npmjs.com/package/systeminformation (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.