CVE-2020-26274
- Source
- https://cve.org/CVERecord?id=CVE-2020-26274
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26274.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-26274
- Aliases
- Related
- Published
- 2020-12-16T20:15:14.093Z
- Modified
- 2026-04-10T04:25:23.490282Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.
- References
Affected packages
Git / github.com/sebhildebrandt/systeminformation
Affected versions
v3.*
v3.42.5
v3.42.6
v3.42.7
v3.42.8
v3.45.8
v3.45.9
v3.48.2
v3.48.3
v3.48.4
v3.51.1
v3.51.2
v3.52.0
v3.52.1
v4.*
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.6
v4.0.7
v4.0.9
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.11.5
v4.11.6
v4.12.1
v4.12.2
v4.13.1
v4.13.2
v4.14.0
v4.14.10
v4.14.11
v4.14.14
v4.14.15
v4.14.3
v4.14.5
v4.14.6
v4.14.7
v4.14.9
v4.15.0
v4.15.1
v4.16.0
v4.16.1
v4.17.0
v4.17.1
v4.17.2
v4.17.3
v4.18.0
v4.18.1
v4.18.2
v4.18.3
v4.19.0
v4.19.1
v4.19.2
v4.19.3
v4.19.4
v4.2.0
v4.2.1
v4.20.0
v4.20.1
v4.21.0
v4.22.6
v4.22.7
v4.23.0
v4.23.1
v4.23.10
v4.23.2
v4.23.3
v4.23.4
v4.23.5
v4.23.6
v4.23.7
v4.23.8
v4.23.9
v4.24.0
v4.24.1
v4.25.2
v4.26.10
v4.26.11
v4.26.12
v4.26.2
v4.26.3
v4.26.4
v4.26.5
v4.26.6
v4.26.7
v4.26.8
v4.26.9
v4.27.0
v4.27.1
v4.27.10
v4.27.11
v4.27.2
v4.27.3
v4.27.4
v4.27.5
v4.27.6
v4.27.7
v4.27.8
v4.27.9
v4.28.0
v4.28.1
v4.29.0
v4.29.1
v4.29.2
v4.29.3
v4.3.0
v4.30.0
v4.30.1
v4.30.10
v4.30.11
v4.30.2
v4.30.3
v4.30.4
v4.30.5
v4.30.6
v4.30.7
v4.30.8
v4.30.9
v4.6.1
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.4
v4.9.0