[Git][security-tracker-team/security-tracker][master] Review second batch of node-systeminformation CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 1 16:47:34 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b7507f5 by Salvatore Bonaccorso at 2026-06-01T17:46:31+02:00
Review second batch of node-systeminformation CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -519023,7 +519023,7 @@ CVE-2021-21317 (uap-core in an open-source npm package which contains the core o
 CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
 	NOT-FOR-US: less-openui5 npm package
 CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
@@ -537417,7 +537417,7 @@ CVE-2020-26302 (is.js is a general-purpose check library. Versions 0.9.0 and pri
 CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
 	NOT-FOR-US: Node ssh2
 CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...)
 	NOT-FOR-US: Node ftp-srv
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...)
@@ -537479,7 +537479,7 @@ CVE-2020-26275 (The Jupyter Server provides the backend (i.e. the core services,
 	- jupyter-server 1.1.1-1
 	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
 CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
 	- osquery <itp> (bug #803502)
 CVE-2020-26272 (The Electron framework lets users write cross-platform desktop applica ...)
@@ -537565,7 +537565,7 @@ CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parse
 CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
 	NOT-FOR-US: Pimcore
 CVE-2020-26245 (npm package systeminformation before version 4.30.5 is vulnerable to P ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2020-26244 (Python oic is a Python OpenID Connect implementation. In Python oic be ...)
 	NOT-FOR-US: Python oic
 CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In Nanopb ...)
@@ -583872,7 +583872,7 @@ CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
 	NOT-FOR-US: Node djvalidator
 CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control  ...)
 	NOT-FOR-US: Node jsen
 CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
@@ -583935,7 +583935,7 @@ CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The rege
 CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...)
 	NOT-FOR-US: Node trim
 CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype pollution.)
 	- node-pathval 1.1.0-4 (bug #972895)
 	[buster] - node-pathval 1.1.0-3+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b7507f567c2ac0ea66ba19501b9fcda28c2abcc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b7507f567c2ac0ea66ba19501b9fcda28c2abcc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260601/e26abc38/attachment.htm>

More information about the debian-security-tracker-commits mailing list