CVE-2020-7752
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P
Summary
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | systeminformation | unspecified < 4.27.11 | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
- https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
References
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
- https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.