Security Advisories

DOS Injection Vulnerability

Affected versions: < 4.34.10
Date: 2021-02-12
CVE identifier -

Impact

A ping command executed through systeminformation could be made to run for too long a time. Affected commands: inetLatency().

Patch

The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.34.10 if you are using version 4.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency() (no spaces).

Command Injection Vulnerability

Affected versions: < 4.31.1
Date: 2020-12-11
CVE identifier CVE-2020-26274, CVE-2020-28448

Impact

It was possible to inject commands into the command line of your machine via systeminformation. Affected commands: inetLatency().

Patch

The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.31.1.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetLatency().

Command Injection Vulnerability - Prototype Pollution

Affected versions: < 4.30.5
Date: 2020-11-26
CVE identifier CVE-2020-26245

Impact

It was possible to inject commands into the command line by property pollution on the string object. Affected commands: inetChecksite().

Patch

The problem was fixed with a shell string sanitization fix as well as handling of prototype pollution. Please upgrade to version >= 4.30.5.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetChecksite().

Command Injection Vulnerability

Affected versions: < 4.27.11
Date: 2020-10-26
CVE identifier CVE-2020-7752

Impact

It was possible to inject commands into the command line of your machine via systeminformation. Affected commands: inetChecksite().

Patch

The problem was fixed with a shell string sanitization fix. Please upgrade to version >= 4.27.11.

Workaround

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to inetChecksite().
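
The workarounds above ask callers to check the string passed to inetLatency() and inetChecksite() before the call. One way to do that with an allow-list, as an added example that is not systeminformation's own code: the names isSafeHost, isSafeUrl and guarded are hypothetical, and accepting only primitive strings is an assumption about how to cover the non-string case.

```javascript
// Added example, not part of systeminformation. All names are hypothetical.

// One hostname or IPv4 address: labels of letters, digits and hyphens,
// each starting and ending with a letter or digit. IPv6 is not accepted.
const LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
const HOST_RE = new RegExp(`^(?=.{1,253}$)${LABEL}(?:\\.${LABEL})*$`);
// Whitespace, control characters and shell metacharacters.
const UNSAFE_RE = /[\s\x00-\x1f\x7f;&|`$(){}<>'"\\]/;

// For inetLatency(): accept only a plain host name.
function isSafeHost(value) {
  // Primitive strings only (assumption): arrays and objects are rejected
  // before any of their possibly overridden methods can run.
  if (typeof value !== 'string') return false;
  return HOST_RE.test(value);
}

// For inetChecksite(): accept only an http(s) URL with a safe host.
// Deliberately strict: URLs containing '&' or quotes are refused too.
function isSafeUrl(value) {
  if (typeof value !== 'string' || value.length > 2048) return false;
  if (UNSAFE_RE.test(value)) return false;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return false;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (url.username !== '' || url.password !== '') return false;
  return isSafeHost(url.hostname);
}

// Wrap a call so that an unsafe first argument never reaches it.
function guarded(fn, check) {
  return (value, ...rest) => {
    if (!check(value)) {
      return Promise.reject(new TypeError('unsafe parameter rejected'));
    }
    return fn(value, ...rest);
  };
}

// Usage, assuming `const si = require('systeminformation')`:
//   const latency = guarded((host) => si.inetLatency(host), isSafeHost);
//   const checksite = guarded((url) => si.inetChecksite(url), isSafeUrl);
```

Rejecting the value outright, rather than stripping characters from it, keeps the check independent of how the installed version builds its command line.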