- Description
- systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-94
- Hype score
- Not currently trending
Node.js の脆弱性 CVE-2024-56334 が FIX:ただちにアップデートを! https://t.co/TvXkylxNHM Node.js のダウンロード数って、スゴイですね。こういう数字を見せつけられると、その偉大さを再認識します。Node.js に関連する、このブログでの直近のトピックは、2024/07/08 の「Node.js の脆弱性… https://t.co/GdlJgw0UxL
@iototsecnews
6 Jan 2025
134 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56334 - npm package was disclosed on December 20, 2024. This vulnerability involves a command injection flaw that could expose Node.js systems to remote code execution or local privilege escalation, depending on the package's implementation. https://t.co/wDnjRAfjC4
@Simple0xx0
29 Dec 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202456334 CVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to Attack https://t.co/idi5zjfU3Y
@Komodosec
26 Dec 2024
48 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
به تازگی آسیب پذیری از نوع command injection با کد شناسایی CVE-2024-56334 برای systeminformation npm منتشر شده است که به هکرها امکان اجرای کامند و privilege escalation را می دهد.نسخه های قبل از 5.23.6 این محصول دارای این آسیب پذیری می باشند. https://t.co/Poz3aKYxT1 https://t.co
@AmirHossein_sec
26 Dec 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56334 (CVSS:7.8, HIGH) is Awaiting Analysis. systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when ..https://t.co/5KbOia16KQ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
25 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Node.js “systeminformation” #Vulnerability CVE-2024-56334 Exposes Millions of Systems to #RCE Attacks. Attackers could embed malicious commands within the SSID of a #WiFi network, which would then be executed: https://t.co/jSjzYusGTB
@step9consulting
24 Dec 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to Attack https://t.co/HbJIUMhGHQ
@Dinosn
24 Dec 2024
1713 Impressions
0 Retweets
7 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to Attack ⚠️This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. Search for Node.js application. ZoomEye… ht
@zoomeye_team
24 Dec 2024
667 Impressions
5 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to Attack ⚠️This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. Search for Node.js application. ZoomEye… ht
@zoomeye_team
24 Dec 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56334 systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.e… https://t.co/Q7fO2Xaz4F
@CVEnew
20 Dec 2024
329 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes