Known exploited
Npm package
CVE published 2022-01-18
CVE-2021-21315
CVE-2021-21315 is a command injection vulnerability affecting the Npm package System Information Library for Node.JS. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-01-18, which means federal defenders should treat it as actively exploited or of strong exploitation concern. The defensive takeaway is straightforward: prioritize patching or removal of the affected package according to [truncated]