Prototype Pollution in systeminformation
Moderate severity
GitHub Reviewed
Published
Nov 27, 2020
in
sebhildebrandt/systeminformation
•
Updated Jan 9, 2023
Description
Reviewed
Nov 27, 2020
Published to the GitHub Advisory Database
Nov 27, 2020
Last updated
Jan 9, 2023
Impact
command injection vulnerability by prototype pollution
Patches
Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version >= 4.30.2
Workarounds
If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite()
For more information
If you have any questions or comments about this advisory:
References