DEBIAN-CVE-2020-7752

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...

Command injection

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...

CVE-2020-7752 Command Injection

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...

CVE-2020-7752

The CVE-2020-7752 entry covers the npm package systeminformation prior to 4.27.11, where untrusted curl arguments passed to the inetChecksite path enable command injection and arbitrary OS command execution. Impact is described as high in multiple sources; remediation is to upgrade to version 4.2...

CVE-2020-7752

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands...

@azteam/monitor (>=1.0.1 <=1.0.9), @blitzbank/dashboard (>=0.0.3 <=0.1.2) +13 more potentially affected by CVE-2020-7752 via systeminformation (>=4.0.10 <=4.26.9)

systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =1.0.0-beta.7, =0.43.2, =1.10.0, =9.7.2, =0.1.9, =1.0.3, =1.0.0, =9.7.2, =0.0.1, =1.0.1 Source cves: CVE-2020-7752 Source advisory: SNYK:JS-SYSTEMINFORMATION-1021909...

Command Injection

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS...

Node.js third-party modules: [systeminformation] Command Injection via insecure command formatting

I would like to report a Command Injection vulnerability in the systeminformation package. It allows an attacker to inject arbitrary OS commands. Module Module name: systeminformation Version: 4.26.10 npm page: https://www.npmjs.com/package/systeminformation Module Description System and OS...