CVE-2020-7752
- Source
- https://cve.org/CVERecord?id=CVE-2020-7752
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7752.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-7752
- Aliases
- Related
- Published
- 2020-10-26T17:15:12.987Z
- Modified
- 2026-04-11T23:12:34.294490Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
- References
Affected packages
Git / github.com/sebhildebrandt/systeminformation
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sebhildebrandt/systeminformation
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "source": [ "CPE_FIELD", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "4.27.11" } ], "cpe": "cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*" }
Affected versions
v3.*
v3.42.5
v3.42.6
v3.42.7
v3.42.8
v3.45.8
v3.45.9
v3.48.2
v3.48.3
v3.48.4
v3.51.1
v3.51.2
v3.52.0
v3.52.1
v4.*
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.6
v4.0.7
v4.0.9
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.11.5
v4.11.6
v4.12.1
v4.12.2
v4.13.1
v4.13.2
v4.14.0
v4.14.10
v4.14.11
v4.14.14
v4.14.15
v4.14.3
v4.14.5
v4.14.6
v4.14.7
v4.14.9
v4.15.0
v4.15.1
v4.16.0
v4.16.1
v4.17.0
v4.17.1
v4.17.2
v4.17.3
v4.18.0
v4.18.1
v4.18.2
v4.18.3
v4.19.0
v4.19.1
v4.19.2
v4.19.3
v4.19.4
v4.2.0
v4.2.1
v4.20.0
v4.20.1
v4.21.0
v4.22.6
v4.22.7
v4.23.0
v4.23.1
v4.23.10
v4.23.2
v4.23.3
v4.23.4
v4.23.5
v4.23.6
v4.23.7
v4.23.8
v4.23.9
v4.24.0
v4.24.1
v4.25.2
v4.26.10
v4.26.11
v4.26.12
v4.26.2
v4.26.3
v4.26.4
v4.26.5
v4.26.6
v4.26.7
v4.26.8
v4.26.9
v4.27.0
v4.27.1
v4.27.10
v4.27.2
v4.27.3
v4.27.4
v4.27.5
v4.27.6
v4.27.7
v4.27.8
v4.27.9
v4.3.0
v4.6.1
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.4
v4.9.0