systeminformation command injection
OS command injection via unsanitized input parameters
Severity: HIGH
CVSS: 7.8
Exploitation (Shoulder): No known exploits
Fix available: No patch yet
Should I care?
This matters if:
- Your apps execute system commands with user input
- Your CI/CD or build tools shell out
Not relevant if:
- No shell commands in your application code
- All commands use fixed arguments
How it breaks apps
1. User input passed to shell command
2. Command string is injectable
3. Attacker runs arbitrary commands
4. Full system compromise
Is this in your code?
Shoulder scans your codebase and tells you if CVE-2021-21315 is reachable — not just present.
npx @shoulderdev/cli trust .
Technical details
Risk by Environment
- Production (public-facing): HIGH. Patch soon. Exploitation requires specific conditions but impact is severe.
- Staging: MEDIUM. Schedule patch. Review if this environment is network-accessible.
- Internal services: MEDIUM. Assess exposure. Patch if the service handles sensitive data.
- Local dev only: LOW. Minimal risk in isolated dev environments.
AI Development Risk
This vulnerability pattern is commonly introduced when AI generates code.
CWE-78: OS command injection
AI-generated code often shells out to system commands with unsanitized user input.