@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +206 more potentially affected by CVE-2020-7752 via systeminformation (>=3.30.6 <=4.26.9)
systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =0.0.3, =1.0.0, =1.1.0, =5.0.0, =1.0.0, =1.0.0-beta.7, =0.1.0, =0.4.0-unstable-20200922091941 and more Source cves: CVE-2020-7752 Source advisory: OSV:GHSA-94XH-2FMC-XF5J...
CVE-2020-7752
creationtimestamp | type | source
---|---|---
2020-10-26 19:29:06+00:00 | seen | https://t.me/cibsecurity/15584...
CVE-2020-7752
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...
CVE-2020-7752 Command Injection
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...
CVE-2020-7752
The CVE-2020-7752 entry covers the npm package systeminformation prior to 4.27.11, where untrusted curl arguments passed to the inetChecksite path enable command injection and arbitrary OS command execution. Impact is described as high in multiple sources; remediation is to upgrade to version 4.2...