CVE-2020-26245: OS Command Injection

November 27, 2020 (updated December 3, 2020)

npm package systeminformation is vulnerable to Prototype Pollution leading to Command Injection.If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().

References

nvd.nist.gov/vuln/detail/CVE-2020-26245

Code Behaviors & Features

Detect and mitigate CVE-2020-26245 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →