CVE-2020-26274

Summary

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.

Affected Software

VendorProductVersion RangeStatus
sebhildebrandtsysteminformation< 4.31.1affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References