Popular Node.js package vulnerable to command injection attacks

February 23, 2021

The maintainers of systeminformation, a popular Node.js package, have patched a bug that left applications vulnerable to command injection attacks.

If a function inserts user input strings into system commands without sanitizing them, malicious actors might be able to exploit the loophole to cause the function to execute arbitrary system-level commands.
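The pattern described above, shown next to two hardened forms, as an added example (not code from systeminformation or from the original article). The function names, the `echo` stand-in command and the sample input are hypothetical and constructed for illustration; a POSIX shell is assumed.

```javascript
// Added illustration; names and sample input are hypothetical.
const { execSync, execFileSync } = require("node:child_process");

// VULNERABLE pattern: the input is concatenated into a string that /bin/sh
// parses, so shell metacharacters in the input become shell syntax.
function describeUnsafe(name) {
  return execSync("echo service=" + name, { encoding: "utf8" });
}

// Hardened: no shell is involved. The program receives the input as a single
// argv element, so ";" and similar characters stay literal data.
function describeNoShell(name) {
  return execFileSync("echo", ["service=" + name], { encoding: "utf8" });
}

// Hardened further: validate type and content before use.
// The typeof check matters because RegExp.prototype.test() coerces
// non-string values (for example arrays) to strings before matching.
const SERVICE_NAME = /^[A-Za-z0-9_.-]{1,64}$/;
function describeValidated(name) {
  if (typeof name !== "string" || !SERVICE_NAME.test(name)) {
    throw new TypeError("invalid service name");
  }
  return describeNoShell(name);
}

// Constructed sample input containing a harmless marker command.
const constructed = "nginx; echo INJECTED";

console.log(JSON.stringify(describeUnsafe(constructed)));  // two commands ran
console.log(JSON.stringify(describeNoShell(constructed))); // one literal argument
try {
  describeValidated(constructed);
} catch (err) {
  console.log("rejected:", err.message);
}
```

The first call returns two lines of output because the shell treated the text after `;` as a second command; the second call returns the input unchanged as data.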