CVE-2020-7778

🗓️ 26 Nov 2020 10:40:14Reported by snykType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 52 Views

CVE-2020-7778 affects systeminformation before 4.30.2, allowing attacker to execute OS commands

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2020-7778	26 Nov 202014:48	–	circl
CNNVD	Systeminformation Operating System Command Injection Vulnerability	26 Nov 202000:00	–	cnnvd
Check Point Advisories	JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)	21 Jun 202000:00	–	checkpoint_advisories
Cvelist	CVE-2020-7778 Prototype Pollution	26 Nov 202010:40	–	cvelist
Debian CVE	CVE-2020-7778	26 Nov 202010:40	–	debiancve
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus	9 Feb 202109:58	–	ibm
EUVD	EUVD-2022-0919	3 Oct 202520:07	–	euvd
Github Security Blog	OS Command Injection in systeminformation	9 Feb 202223:14	–	github
NVD	CVE-2020-7778	26 Nov 202011:15	–	nvd
OSV	DEBIAN-CVE-2020-7778	26 Nov 202011:15	–	osv

NVD

Node

systeminformation systeminformationRange<4.30.2node.js

[
  {
    "product": "systeminformation",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "4.30.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
github	www.github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
github	www.github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
gist	www.gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80
snyk	www.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753

21 Nov 2024 05:37Current

7.2High risk

Vulners AI Score7.2

CVSS 27.5

CVSS 3.17.3

EPSS0.01103

CWE-78