CVE-2021-21315

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-21315
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21315.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21315
Aliases
Related
Published
2021-02-16T17:15:13.050Z
Modified
2026-03-15T14:42:37.957091Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.

References

Affected packages

Git / github.com/apache/cordova-android

Affected ranges

Type
GIT
Repo
https://github.com/apache/cordova-android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7572fc4912c908adb9b0498959c0eadecbbc9f95
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/sebhildebrandt/systeminformation
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fbb5c2adcddd9e657d25fda8442c0b3de2c62fb0
Fixed
07daa05fb06f24f96297abaa30c2ace8bfd8b525
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.3.1"
        }
    ]
}

Affected versions

0.*
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.5.1
0.9.6
0.9.6.1
1.*
1.0.0
1.0.0rc1
1.0.0rc2
1.0.0rc3
1.1.0
1.2.0
1.3.0
1.3.0rc1
1.3.0rc2
1.4.0
1.4.0rc1
1.4.1
1.5.0
1.5.0rc1
1.6.0
1.6.0rc1
1.6.1
1.7.0
1.7.0rc1
1.8.0
1.8.0rc1
1.8.1pre
1.9.0
1.9.0rc1
10.*
10.0.0
2.*
2.0.0
2.0.0rc1
2.1.0
2.1.0rc1
2.1.0rc2
2.2.0
2.2.0rc1
2.2.0rc2
2.3.0
2.3.0rc1
2.3.0rc2
2.4.0
2.4.0rc1
2.4.0rc2
2.5.0
2.5.0rc1
Other
CheckIn_node_modules
CheckIn_node_modules_which
Gitignore_node_modules
StablePoC
rel/StablePoC
rel/10.*
rel/10.0.0
v2.*
v2.3.0rc1
v3.*
v3.42.5
v3.42.6
v3.42.7
v3.42.8
v3.45.8
v3.45.9
v3.48.2
v3.48.3
v3.48.4
v3.49.0
v3.49.1
v3.51.1
v3.51.2
v3.52.0
v3.52.1
v4.*
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.6
v4.0.7
v4.0.9
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.11.5
v4.11.6
v4.12.1
v4.12.2
v4.13.1
v4.13.2
v4.14.0
v4.14.10
v4.14.11
v4.14.14
v4.14.15
v4.14.3
v4.14.5
v4.14.6
v4.14.7
v4.14.9
v4.15.0
v4.15.1
v4.16.0
v4.16.1
v4.17.0
v4.17.1
v4.17.2
v4.17.3
v4.18.0
v4.18.1
v4.18.2
v4.18.3
v4.19.0
v4.19.1
v4.19.2
v4.19.3
v4.19.4
v4.2.0
v4.2.1
v4.20.0
v4.20.1
v4.21.0
v4.21.1
v4.21.2
v4.21.3
v4.22.0
v4.22.1
v4.22.2
v4.22.3
v4.22.4
v4.22.5
v4.22.6
v4.22.7
v4.23.0
v4.23.1
v4.23.10
v4.23.2
v4.23.3
v4.23.4
v4.23.5
v4.23.6
v4.23.7
v4.23.8
v4.23.9
v4.24.0
v4.24.1
v4.24.2
v4.25.0
v4.25.1
v4.25.2
v4.26.0
v4.26.1
v4.26.10
v4.26.11
v4.26.12
v4.26.2
v4.26.3
v4.26.4
v4.26.5
v4.26.6
v4.26.7
v4.26.8
v4.26.9
v4.27.0
v4.27.1
v4.27.10
v4.27.11
v4.27.2
v4.27.3
v4.27.4
v4.27.5
v4.27.6
v4.27.7
v4.27.8
v4.27.9
v4.28.0
v4.28.1
v4.29.0
v4.29.1
v4.29.2
v4.29.3
v4.3.0
v4.30.0
v4.30.1
v4.30.10
v4.30.11
v4.30.2
v4.30.3
v4.30.4
v4.30.5
v4.30.6
v4.30.7
v4.30.8
v4.30.9
v4.31.1
v4.31.2
v4.32.0
v4.33.0
v4.33.1
v4.33.2
v4.33.3
v4.33.4
v4.33.5
v4.33.6
v4.33.7
v4.33.8
v4.34.0
v4.34.1
v4.34.2
v4.34.3
v4.34.4
v4.34.5
v4.34.6
v4.34.7
v4.34.8
v4.34.9
v4.6.1
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.4
v4.9.0
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.3.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21315.json"