CVE-2021-21315

Source
https://cve.org/CVERecord?id=CVE-2021-21315
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21315.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21315
Aliases
Downstream
Published
2021-02-16T17:15:13.050Z
Modified
2026-07-09T11:24:08.438756Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.

References

Affected packages

Git / github.com/apache/cordova-android

Affected ranges

Type
GIT
Repo
https://github.com/apache/cordova-android
Events
Database specific
{
    "cpe": "cpe:2.3:a:apache:cordova:10.0.0:*:*:*:*:-:*:*",
    "extracted_events": [
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.0.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

10.*
10.0.0
rel/10.*
rel/10.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21315.json"

Git / github.com/sebhildebrandt/systeminformation

Affected ranges

Type
GIT
Repo
https://github.com/sebhildebrandt/systeminformation
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.3.1"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

v3.*
v3.42.5
v3.42.6
v3.42.7
v3.42.8
v3.45.8
v3.45.9
v3.48.2
v3.48.3
v3.48.4
v3.51.1
v3.51.2
v3.52.0
v3.52.1
v4.*
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.6
v4.0.7
v4.0.9
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.11.5
v4.11.6
v4.12.1
v4.12.2
v4.13.1
v4.13.2
v4.14.0
v4.14.10
v4.14.11
v4.14.14
v4.14.15
v4.14.3
v4.14.5
v4.14.6
v4.14.7
v4.14.9
v4.15.0
v4.15.1
v4.16.0
v4.16.1
v4.17.0
v4.17.1
v4.17.2
v4.17.3
v4.18.0
v4.18.1
v4.18.2
v4.18.3
v4.19.0
v4.19.1
v4.19.2
v4.19.3
v4.19.4
v4.2.0
v4.2.1
v4.20.0
v4.20.1
v4.21.0
v4.22.6
v4.22.7
v4.23.0
v4.23.1
v4.23.10
v4.23.2
v4.23.3
v4.23.4
v4.23.5
v4.23.6
v4.23.7
v4.23.8
v4.23.9
v4.24.0
v4.24.1
v4.25.2
v4.26.10
v4.26.11
v4.26.12
v4.26.2
v4.26.3
v4.26.4
v4.26.5
v4.26.6
v4.26.7
v4.26.8
v4.26.9
v4.27.0
v4.27.1
v4.27.10
v4.27.11
v4.27.2
v4.27.3
v4.27.4
v4.27.5
v4.27.6
v4.27.7
v4.27.8
v4.27.9
v4.28.0
v4.28.1
v4.29.0
v4.29.1
v4.29.2
v4.29.3
v4.3.0
v4.30.0
v4.30.1
v4.30.10
v4.30.11
v4.30.2
v4.30.3
v4.30.4
v4.30.5
v4.30.6
v4.30.7
v4.30.8
v4.30.9
v4.31.1
v4.31.2
v4.32.0
v4.33.0
v4.33.1
v4.33.2
v4.33.3
v4.33.4
v4.33.5
v4.33.6
v4.33.7
v4.33.8
v4.34.0
v4.34.1
v4.34.2
v4.34.3
v4.34.4
v4.34.5
v4.34.6
v4.34.7
v4.34.8
v4.34.9
v4.6.1
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.4
v4.9.0
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21315.json"