{"id":"CVE-2020-7752","details":"This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.","aliases":["GHSA-94xh-2fmc-xf5j"],"modified":"2026-04-11T23:12:34.294490Z","published":"2020-10-26T17:15:12.987Z","related":["SNYK-JS-SYSTEMINFORMATION-1021909"],"references":[{"type":"FIX","url":"https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909"},{"type":"EVIDENCE","url":"https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sebhildebrandt/systeminformation","events":[{"introduced":"0"},{"fixed":"5323ab87f30aa97068a442547eaf86ce1a284679"},{"fixed":"931fecaec2c1a7dcc10457bb8cd552d08089da61"}],"database_specific":{"cpe":"cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"4.27.11"}]}}],"versions":["v3.42.5","v3.42.6","v3.42.7","v3.42.8","v3.45.8","v3.45.9","v3.48.2","v3.48.3","v3.48.4","v3.51.1","v3.51.2","v3.52.0","v3.52.1","v4.0.12","v4.0.13","v4.0.14","v4.0.15","v4.0.6","v4.0.7","v4.0.9","v4.1.5","v4.1.6","v4.1.7","v4.1.8","v4.11.5","v4.11.6","v4.12.1","v4.12.2","v4.13.1","v4.13.2","v4.14.0","v4.14.10","v4.14.11","v4.14.14","v4.14.15","v4.14.3","v4.14.5","v4.14.6","v4.14.7","v4.14.9","v4.15.0","v4.15.1","v4.16.0","v4.16.1","v4.17.0","v4.17.1","v4.17.2","v4.17.3","v4.18.0","v4.18.1","v4.18.2","v4.18.3","v4.19.0","v4.19.1","v4.19.2","v4.19.3","v4.19.4","v4.2.0","v4.2.1","v4.20.0","v4.20.1","v4.21.0","v4.22.6","v4.22.7","v4.23.0","v4.23.1","v4.23.10","v4.23.2","v4.23.3","v4.23.4","v4.23.5","v4.23.6","v4.23.7","v4.23.8","v4.23.9","v4.24.0","v4.24.1","v4.25.2","v4.26.10","v4.26.11","v4.26.12","v4.26.2","v4.26.3","v4.26.4","v4.26.5","v4.26.6","v4.26.7","v4.26.8","v4.26.9","v4.27.0","v4.27.1","v4.27.10","v4.27.2","v4.27.3","v4.27.4","v4.27.5","v4.27.6","v4.27.7","v4.27.8","v4.27.9","v4.3.0","v4.6.1","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.8.4","v4.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7752.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}