Exploit for Node.JS System Information Library <5.3.1 - Remote Command Injection (CVE-2021-21315)

Description:

The Node.js System Information Library (npm package "systeminformation") before version 5.3.1 is susceptible to remote command injection. The package is an open source collection of functions to retrieve detailed hardware, system and OS information.

Nuclei Template

View the template here: CVE-2021-21315.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21315.yaml

References:

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v
https://www.npmjs.com/package/systeminformation
https://security.netapp.com/advisory/ntap-20210312-0007/
https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
https://nvd.nist.gov/vuln/detail/CVE-2021-21315