GHSA-8j36-q8x7-pm6q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8j36-q8x7-pm6q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8j36-q8x7-pm6q/GHSA-8j36-q8x7-pm6q.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-8j36-q8x7-pm6q
- Aliases
- Published
- 2022-02-09T23:14:11Z
- Modified
- 2024-11-09T01:41:53.014368Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- OS Command Injection in systeminformation
- Details
-
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2021-04-13T18:32:29Z", "cwe_ids": [ "CWE-78" ], "nvd_published_at": "2020-11-26T11:15:00Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-7778
- https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
- https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
- https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753
Affected packages
npm / systeminformation
Package
- Name
- systeminformation
- View open source insights on deps.dev
- Purl
- pkg:npm/systeminformation