Command Injection Vulnerability

GHSA-2m8v-572m-ff2v · CVE-2021-21315

Published Feb 16, 2021 · Modified Mar 13, 2026

Description

Impact

command injection vulnerability

Patches

Problem was fixed with a parameter check. Please upgrade to version >= 5.3.1

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.

References

WEB https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-21315
WEB https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525
PACKAGE https://github.com/sebhildebrandt/systeminformation
WEB https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E
WEB https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E
WEB https://security.netapp.com/advisory/ntap-20210312-0007
WEB https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315
WEB https://www.npmjs.com/package/systeminformation

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes