CVE-2020-26300

Beschreibung:
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.

CWE: CWE-77

CVSS-Bewertung
CVSS 2: HIGH – 7.5 (Version: 2.0)
CVSS 3: CRITICAL – 9.8 (Version: 3.1)

Links:

NVD – CVE-2020-26300
CVE – CVE-2020-26300

Link (max. 20) Quelle Tags
https://www.npmjs.com/package/systeminformation MISC Product Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607 MISC Patch Third Party Advisory
https://github.com/advisories/GHSA-fj59-f6c3-3vw4 CONFIRM Patch Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4 MISC Third Party Advisory

Quelle: NVD – CVE-2020-26300
Datum Veröffentlichung: 2021-09-09T01:15Z, Datum letzte Änderung: 2021-09-15T14:50Z