OS Command Injection in systeminformation

GHSA-8j36-q8x7-pm6q · CVE-2020-7778

Published Feb 9, 2022 · Modified Mar 13, 2026

Description

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-7778
WEB https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
WEB https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
WEB https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80
WEB https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
WEB https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes