Description
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.
Remediation
References
https://www.npmjs.com/package/systeminformation
https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74
Related Vulnerabilities
CVE-2023-36820 Vulnerability in maven package io.micronaut.security:micronaut-security-oauth2
CVE-2019-10463 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard
CVE-2019-10744 Vulnerability in npm package @sailshq/lodash
CVE-2022-28135 Vulnerability in maven package org.jvnet.hudson.plugins:instant-messaging