systeminformation command injection vulnerability
High severity
GitHub Reviewed
Published
Oct 27, 2020
in
sebhildebrandt/systeminformation
•
Updated Sep 6, 2023
Description
Published by the National Vulnerability Database
Oct 26, 2020
Reviewed
Oct 27, 2020
Published to the GitHub Advisory Database
Oct 27, 2020
Last updated
Sep 6, 2023
Impact
command injection vulnerability
Patches
Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.27.11
Workarounds
If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite()
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
References