systeminformation is vulnerable to Command Injection
Score: 70 (High Risk)
In v5.31.7, the Linux implementation of networkInterfaces() fixed an unsanitized command-injection issue: it built a shell command string that included an attacker-influenceable file name and ran it with execSync, so shell metacharacters in that name were interpreted by the shell. The patch removes shell execution entirely and reads the target file directly in-process, so no command line is constructed and there is nothing left to inject into.
You are affected if you depend on a version in the vulnerable range and your code calls networkInterfaces() on Linux; the fix is specific to the Linux code path.
systeminformation is vulnerable to Command Injection in versions 4.17.0 through 5.31.6.
Upgrade systeminformation to 5.31.7 or later. Check the version your lockfile actually resolves rather than the range in package.json (npm ls systeminformation, or the equivalent for yarn or pnpm), since a transitive dependency can pin an older release.