This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
References
Configurations
History
21 Nov 2024, 05:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80 - Exploit, Third Party Advisory | |
References | () https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js - Exploit, Third Party Advisory | |
References | () https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc - Patch, Third Party Advisory | |
References | () https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc - Patch, Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753 - Third Party Advisory |
Information
Published : 2020-11-26 11:15
Updated : 2024-11-21 05:37
NVD link : CVE-2020-7778
Mitre link : CVE-2020-7778
CVE.ORG link : CVE-2020-7778
JSON object : View
Products Affected
systeminformation
- systeminformation
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')