CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-7752

HIGH
8.8
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile17.64th
Published2020年10月26日
Last Modified2024年11月21日

Vulnerability Description

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.

Affected Platforms (CPE)

📦
Systeminformation

Systeminformation

< 4.27.11

References & Advisories

🔗 https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
🔗 https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
🔗 https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909
🔗 https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
🔗 https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
🔗 https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909

相关漏洞威胁

CVE-2021-213888.9

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been disc...

CVE-2020-262458.1

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue w...

CVE-2020-77787.3

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, wh...

CVE-2021-213157.1

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve...