A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions of systems to potential remote code execution (RCE) and privilege escalation attacks. The vulnerability, assigned CVE-2024-56334, highlights the importance of secure coding practices when dealing with untrusted user input. The vulnerability resides in the getWindowsIEEE8021x function of the systeminformation package, specifically affecting versions ≤5.23.6. The issue […] The post Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/node-js-systeminformation-package-vulnerability/
