Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21315

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.

Published

2021-02-16T17:15:13.050

Last Modified

2025-10-24T14:47:57.750

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	systeminformation	systeminformation	< 5.3.1	Yes
Application	apache	cordova	10.0.0	Yes

References

https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525 Patch ([email protected])
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E Issue Tracking, Mailing List ([email protected])
https://security.netapp.com/advisory/ntap-20210312-0007/ Third Party Advisory ([email protected])
https://www.npmjs.com/package/systeminformation Product ([email protected])
https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E Issue Tracking, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210312-0007/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.npmjs.com/package/systeminformation Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)