CVE-2020-7778 Information

Jun 07, 2022 cve

Description

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object which can lead to executing OS commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80 https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753 https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.3

Share on: