CVE-2020-7778 – systeminformation

Package

Manager: npm
Name: systeminformation
Vulnerable Version: >=0 <4.30.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

EPSS: 0.01103 pctl0.77248

Details

OS Command Injection in systeminformation This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

Metadata

Created: 2022-02-09T23:14:11Z
Modified: 2021-04-13T18:32:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8j36-q8x7-pm6q/GHSA-8j36-q8x7-pm6q.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-8j36-q8x7-pm6q
Finding: F404
Auto approve: 1