Description
OS Command Injection in systeminformation
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7778
- https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
- https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
- https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753
Packages
Name
systeminformation
npm
Affected versions: < 4.30.2
Fixed version: 4.30.2
Related vulnerabilities
CVSS3: 7.3
nvd
about 5 years ago
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.