CNNVD-202512-2786 Information
CNNVD ID
CNNVD-202512-2786
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
systeminformation是Sebastian Hildebrandt个人开发者的一个可以获得操作系统信息的 Npm 软件库。 systeminformation 5.27.14之前版本存在操作系统命令注入漏洞,该漏洞源于fsSize函数存在OS命令注入漏洞,可能导致任意命令执行。
Description (English)
Systeminformation is a Npm software library for Sebastian Hildebrandt personal developers that can access information on operating systems. There was a loophole in the OS commands in the previous version of systeminformation 5.27.14, which originated from the FsSize function, where there was a gap in OS commands, which could lead to arbitrary enforcement.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
个人开发者
Published
2025-12-16
Last Modified
2026-02-24
References
https://github.com/sebhildebrandt/systeminformation/commit/c52f9fd07fef42d2d8e8c66f75b42178da701c68 https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-wphj-fx3q-84ch
Patch
https://github.com/sebhildebrandt/systeminformation/tags
Share on: