Systeminformation
CVE-2020-7778
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from Vendor (snyk) · only source for this CVE.
CVSS VectorVendor: snyk
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
AnalysisAI
This affects the package systeminformation before 4.30.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Affected products include: Systeminformation. Version information: before 4.30.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Systeminformation
View allCommand injection in systeminformation versions before 5.31.0 allows local attackers with user privileges to execute arb
This affects the package systeminformation before 4.27.11. Rated high severity (CVSS 8.8), this vulnerability is remotel
Command injection in the systeminformation Node.js library (versions prior to 5.30.8) lets attackers run arbitrary OS co
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions t
systeminformation is a System Information Library for Node.JS. Rated critical severity (CVSS 9.8), this vulnerability is
systeminformation is an open source system and OS information library for node.js. Rated critical severity (CVSS 9.8), t
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. R
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. Rated high severity
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today