Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b7507f5 by Salvatore Bonaccorso at 2026-06-01T17:46:31+02:00
Review second batch of node-systeminformation CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -519023,7 +519023,7 @@ CVE-2021-21317 (uap-core in an open-source npm 
package which contains the core o
 CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 
themes w ...)
        NOT-FOR-US: less-openui5 npm package
 CVE-2021-21315 (The System Information Library for Node.JS (npm package 
"systeminforma ...)
-       - node-systeminformation <undetermined>
+       - node-systeminformation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire 
Libre de Pa ...)
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
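
Review bot: the new `<not-affected>` line for CVE-2021-21315 states the reason but gives a later reader nothing to check it against. The description is cut off before any fixed version, and no NOTE line names the upstream fix or the version first uploaded to Debian. Consider adding a NOTE with the upstream fixed version or advisory link, the way the CVE-2021-21314 entry just below uses a NOTE for its rationale.
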
@@ -537417,7 +537417,7 @@ CVE-2020-26302 (is.js is a general-purpose check 
library. Versions 0.9.0 and pri
 CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript 
for node. ...)
        NOT-FOR-US: Node ssh2
 CVE-2020-26300 (systeminformation is an npm package that provides system and 
OS inform ...)
-       - node-systeminformation <undetermined>
+       - node-systeminformation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet 
configu ...)
        NOT-FOR-US: Node ftp-srv
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In 
Redcarpet befo ...)
@@ -537479,7 +537479,7 @@ CVE-2020-26275 (The Jupyter Server provides the 
backend (i.e. the core services,
        - jupyter-server 1.1.1-1
        NOTE: 
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
 CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there 
is a co ...)
-       - node-systeminformation <undetermined>
+       - node-systeminformation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
        - osquery <itp> (bug #803502)
 CVE-2020-26272 (The Electron framework lets users write cross-platform desktop 
applica ...)
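
Review bot: for CVE-2020-26274 the description puts the fix at 4.31.1, the highest fixed version visible among the node-systeminformation entries in this commit, yet the parenthetical does not say which version was first uploaded. Recording that version once, for example in a NOTE on this entry, would make the "Fixed before initial upload" claims whose thresholds are visible (4.31.1, 4.30.5, 4.30.2, 4.27.11) checkable from the file itself.
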
@@ -537565,7 +537565,7 @@ CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, 
XML, SAX, and Reader parse
 CVE-2020-26246 (Pimcore is an open source digital experience platform. In 
Pimcore befo ...)
        NOT-FOR-US: Pimcore
 CVE-2020-26245 (npm package systeminformation before version 4.30.5 is 
vulnerable to P ...)
-       - node-systeminformation <undetermined>
+       - node-systeminformation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2020-26244 (Python oic is a Python OpenID Connect implementation. In 
Python oic be ...)
        NOT-FOR-US: Python oic
 CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. 
In Nanopb ...)
@@ -583872,7 +583872,7 @@ CVE-2020-7780 (This affects the package 
com.softwaremill.akka-http-session:core_
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular 
Expressi ...)
        NOT-FOR-US: Node djvalidator
 CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The 
attacker ...)
-       - node-systeminformation <undetermined>
+       - node-systeminformation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can 
control  ...)
        NOT-FOR-US: Node jsen
 CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. 
The libr ...)
@@ -583935,7 +583935,7 @@ CVE-2020-7754 (This affects the package 
npm-user-validate before 1.0.1. The rege
 CVE-2020-7753 (All versions of package trim are vulnerable to Regular 
Expression Deni ...)
        NOT-FOR-US: Node trim
 CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This 
packag ...)
-       - node-systeminformation <undetermined>
+       - node-systeminformation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype 
pollution.)
        - node-pathval 1.1.0-4 (bug #972895)
        [buster] - node-pathval 1.1.0-3+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b7507f567c2ac0ea66ba19501b9fcda28c2abcc
