CVE-2020-7752
systeminformation command injection vulnerability
CVSS 3.1: 8.8 (HIGH)
EPSS: 3.1%
Description
This affects the package systeminformation before 4.27.11. The package is vulnerable to command injection: an attacker can concatenate curl's parameters to overwrite JavaScript files and then execute arbitrary OS commands.
How to fix CVE-2020-7752
To remediate CVE-2020-7752, upgrade the affected package to a fixed version listed below.
- Debian/node-systeminformation—no fix listed
- —upgrade to 4.27.11 or later
Is CVE-2020-7752 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0
- from 0, < 4.27.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |