Vulnerability Description
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVSS Score
7.3
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systeminformation | Systeminformation | < 4.30.2 |
Related Weaknesses (CWE)
References
- https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80ExploitThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.jsExploitThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fPatchThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753Third Party Advisory
- https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80ExploitThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.jsExploitThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fPatchThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753Third Party Advisory
FAQ
What is CVE-2020-7778?
CVE-2020-7778 is a vulnerability with a CVSS score of 7.3 (HIGH). This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
How severe is CVE-2020-7778?
CVE-2020-7778 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7778?
Check the references section above for vendor advisories and patch information. Affected products include: Systeminformation Systeminformation.