Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in sebhildebrandt/systeminformation

Valid

Reported on

Apr 8th 2021


✍️ Description

The systeminformation package is vulnerable to Improper Input Validation through the versions function.

🕵️‍♂️ Proof of Concept

// PoC.js
// versions() is given an object with its own toString() instead of the expected
// string; the report's point is that the library accepts it rather than rejecting
// a non-string argument.

const si = require('systeminformation');
si.versions({toString : () => { console.log("This is a PoC") }});

💥 Impact

This vulnerability allows attackers to pass an object instead of a string, which may lead to code injection, DoS, etc.
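An added example of the check that closes this class of bug, written here as a hypothetical validator and not taken from the report or from the systeminformation project: the argument's type is verified before anything coerces it to a string, so the object from the PoC is refused and its toString() never runs. It assumes versions() takes a comma-separated string of software names.

```javascript
// Added example, not code from the report or from systeminformation:
// a hypothetical validator a caller or the library could run before an
// argument reaches a function that may coerce it to a string and pass it on.
// Assumption: versions() takes a comma-separated string of software names.

// Allowlist for one software name; nothing shell-significant gets through.
const SAFE_NAME = /^[A-Za-z0-9_.+-]+$/;

// Returns the cleaned list of names, or throws. Type is checked first, so an
// object carrying its own toString() is rejected before any coercion happens.
function validateVersionsArg(apps) {
  if (apps === undefined) return [];                 // "no filter" case
  if (typeof apps !== 'string' && !Array.isArray(apps)) {
    throw new TypeError(`expected a string, got ${typeof apps}`);
  }
  const parts = Array.isArray(apps) ? apps : apps.split(',');
  return parts.map((part) => {
    if (typeof part !== 'string') throw new TypeError('list item is not a string');
    const name = part.trim();
    if (!SAFE_NAME.test(name)) {
      throw new RangeError(`rejected software name: ${JSON.stringify(name)}`);
    }
    return name;
  });
}

// Convenience predicate: would the validator refuse this argument?
function isRejected(apps) {
  try { validateVersionsArg(apps); return false; } catch (err) { return true; }
}

// Constructed inputs: the normal form and the object from the PoC above.
const benignArg = 'node, npm';
const pocArg = { toString: () => { console.log('This is a PoC'); } };

console.log(validateVersionsArg(benignArg)); // [ 'node', 'npm' ]
console.log(isRejected(pocArg));             // true, and toString never runs
```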
