CVE-2020-7752: Command Injection
The systeminformation package is vulnerable to Command Injection. An attacker can concatenate the curl command’s parameters to overwrite JavaScript files and then execute arbitrary OS commands.
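How this class of bug is closed, as an added example (not code from the systeminformation package or from this advisory): the hypothetical helpers `buildCurlArgs` and `checkSite` validate a caller-supplied URL and pass it to curl as a single argv element through `execFile`, so it cannot be split into extra curl parameters or interpreted by a shell. The curl flags and timeouts are assumptions chosen for illustration.

```javascript
// Added example: hypothetical helpers, not the package's own code.
// URL schemes the site check is allowed to request.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Validate caller-supplied input and return the argv array for curl.
// Throws on anything that is not a single plain http(s) URL.
function buildCurlArgs(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 2048) {
    throw new TypeError("url must be a non-empty string of sane length");
  }
  // Whitespace and control characters are what turn one "URL" into
  // several curl parameters once it is pasted into a command string.
  if (/[\s\x00-\x1f\x7f]/.test(input)) {
    throw new Error("url contains whitespace or control characters");
  }
  let parsed;
  try {
    parsed = new URL(input);
  } catch {
    throw new Error("url is not parseable");
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    throw new Error("only http and https are allowed");
  }
  // parsed.href always starts with the scheme, so curl cannot read it
  // as an option; it is passed as exactly one argv element.
  return ["--silent", "--head", "--max-time", "10", parsed.href];
}

// Run curl without a shell: execFile hands each argv element to the
// process verbatim, so metacharacters in the URL are never interpreted.
async function checkSite(input) {
  const args = buildCurlArgs(input);
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    execFile("curl", args, { shell: false, timeout: 15000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout)
    );
  });
}
```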