@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +217 more potentially affected by CVE-2020-7778 via systeminformation (>=3.30.6 <=4.30.11)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-7778 Source advisory: OSV:GHSA-8J36-Q8X7-PM6Q...

Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in Node.js and FasterXML jackson-databind may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly....

CVE-2020-7778

creationtimestamp| type| source ---|---|--- 2020-11-26 14:48:41+00:00| seen| https://t.me/cibsecurity/16864...

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

CVE-2020-7778

CVE-2020-7778 affects systeminformation prior to 4.30.2. It is a prototype pollution vulnerability where an attacker can overwrite object properties (e.g., proto ) to cause code execution, potentially enabling OS commands. Affected versions: systeminformation

CVE-2020-7778 Prototype Pollution

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

@azteam/monitor (>=1.0.1 <=1.0.9), @best/builder (=4.0.0-beta10) +24 more potentially affected by CVE-2020-26245 +1 more via systeminformation (>=4.0.10 <=4.30.11)

systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =1.2.3 - @hnordt/sysinfo =0.1.1 and more Source cves: CVE-2020-26245, CVE-2020-7778 Source advisory: SNYK:JS-SYSTEMINFORMATION-1043753...

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...