CVE-2020-7778
Summary
| CVE | CVE-2020-7778 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-26 11:15:00 UTC |
| Updated | 2020-12-01 14:28:00 UTC |
| Description | This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Systeminformation | Systeminformation | All | All | All | All |
| Application | Systeminformation | Systeminformation | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Prototype Pollution in systeminformation | Snyk | MISC | snyk.io | Third Party Advisory |
| [systeminformation] - Prototype Pollution · GitHub | MISC | gist.github.com | Exploit, Third Party Advisory |
| systeminformation/internet.js at master · sebhildebrandt/systeminformation · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0... | MISC | github.com | Patch, Third Party Advisory |
| github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1f... | MISC | github.com | Patch, Third Party Advisory |
| security update (prototype pollution prevention) · sebhildebrandt/systeminformation@11103a4 · GitHub | MITRE | github.com | |
| security update (prototype pollution prevention) · sebhildebrandt/systeminformation@73dce8d · GitHub | MITRE | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: EffectRenan
There are currently no legacy QID mappings associated with this CVE.