RCE in Sebhildebrandt Systeminformation
CVE-2021-21388
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on us…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (70.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.9 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H.
Affected products
- Sebhildebrandt Systeminformation — versions < 5.6.4
Weakness classification (CWE)
References
- www.npmjs.com/package/systeminformation (x_refsource_MISC)
- github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-… (x_refsource_CONFIRM)
- github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a… (x_refsource_MISC)
- github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d7… (x_refsource_MISC)
- github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-21388?
- CVE-2021-21388 is a high-severity vulnerability in Sebhildebrandt Systeminformation, classified under Improper Input Validation. CVSS score: 8.9/10. Published 2021-04-29.
- How severe is CVE-2021-21388?
- High severity. CVSS v3 base score is 8.9 out of 10.