CVE-2021-21388 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-21388 PUBLISHED CVSS 8.899999618530273 HIGH

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.

EPSS 0.62% · 69.8th percentile

Risk Scores

CVSS v3.1

8.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

EPSS Score

0.62%

69.8th percentile

Affected Products

Vendor	Product	Versions
systeminformation	systeminformation	0
sebhildebrandt	systeminformation	< 5.6.4
npm	systeminformation	0

Timeline

Apr 6, 2021 CVE Published
Apr 30, 2021 EPSS Score
Jul 3, 2021 EPSS Score
Nov 3, 2021 EPSS Score
Jan 3, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 7, 2022 EPSS Score
Jul 7, 2022 EPSS Score
Sep 8, 2022 EPSS Score
Jan 9, 2023 EPSS Score

References

Open in Interactive Console →