Vulnerability Description
systeminformation is an npm package providing a system and OS information library for Node.js. Versions of systeminformation before 4.26.2 contain a command injection vulnerability. The problem was fixed in version 4.26.2 with a shell string sanitization fix.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systeminformation | Systeminformation | < 4.26.2 |
Related Weaknesses (CWE)
References
- https://github.com/advisories/GHSA-fj59-f6c3-3vw4 (Patch, Third Party Advisory)
- https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d78 (Patch, Third Party Advisory)
- https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj5 (Third Party Advisory)
- https://www.npmjs.com/package/systeminformation (Product, Third Party Advisory)
FAQ
What is CVE-2020-26300?
CVE-2020-26300 is a vulnerability with a CVSS score of 5.9 (MEDIUM). systeminformation is an npm package providing a system and OS information library for Node.js. Versions of systeminformation before 4.26.2 contain a command injection vulnerability. Problem was fixe...
How severe is CVE-2020-26300?
CVE-2020-26300 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-26300?
The problem was fixed in version 4.26.2. Check the references section above for vendor advisories and patch information. Affected products include: Systeminformation Systeminformation (versions < 4.26.2).