This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-10-26T17:12:38.827301Z
Updated: 2024-09-17T01:56:58.841Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7752
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-26T17:15:12.987
Modified: 2024-11-21T05:37:44.200
Link: CVE-2020-7752
Redhat
No data.