CVE-2020-7752

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-7752

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7752.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7752

Aliases

GHSA-94xh-2fmc-xf5j

Downstream

DEBIAN-CVE-2020-7752

Related

SNYK-JS-SYSTEMINFORMATION-1021909

Published

2020-10-26T17:15:12.987Z

Modified

2026-04-10T04:28:11.119870Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.

References

Affected packages

Git / github.com/sebhildebrandt/systeminformation

Affected ranges

Type

GIT

Repo

https://github.com/sebhildebrandt/systeminformation

Events

Introduced

Fixed

5323ab87f30aa97068a442547eaf86ce1a284679

Fixed

931fecaec2c1a7dcc10457bb8cd552d08089da61

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.27.11"
        }
    ]
}

Affected versions

v3.*

v3.42.5

v3.42.6

v3.42.7

v3.42.8

v3.45.8

v3.45.9

v3.48.2

v3.48.3

v3.48.4

v3.51.1

v3.51.2

v3.52.0

v3.52.1

v4.*

v4.0.12

v4.0.13

v4.0.14

v4.0.15

v4.0.6

v4.0.7

v4.0.9

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.11.5

v4.11.6

v4.12.1

v4.12.2

v4.13.1

v4.13.2

v4.14.0

v4.14.10

v4.14.11

v4.14.14

v4.14.15

v4.14.3

v4.14.5

v4.14.6

v4.14.7

v4.14.9

v4.15.0

v4.15.1

v4.16.0

v4.16.1

v4.17.0

v4.17.1

v4.17.2

v4.17.3

v4.18.0

v4.18.1

v4.18.2

v4.18.3

v4.19.0

v4.19.1

v4.19.2

v4.19.3

v4.19.4

v4.2.0

v4.2.1

v4.20.0

v4.20.1

v4.21.0

v4.22.6

v4.22.7

v4.23.0

v4.23.1

v4.23.10

v4.23.2

v4.23.3

v4.23.4

v4.23.5

v4.23.6

v4.23.7

v4.23.8

v4.23.9

v4.24.0

v4.24.1

v4.25.2

v4.26.10

v4.26.11

v4.26.12

v4.26.2

v4.26.3

v4.26.4

v4.26.5

v4.26.6

v4.26.7

v4.26.8

v4.26.9

v4.27.0

v4.27.1

v4.27.10

v4.27.2

v4.27.3

v4.27.4

v4.27.5

v4.27.6

v4.27.7

v4.27.8

v4.27.9

v4.3.0

v4.6.1

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.8.4

v4.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7752.json"