How severe is CVE-2020-36762?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2020-36762?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2020-36762 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248.

Related Vulnerabilities

CVE-1999-0043

CRITICAL

CVSS:9.8(Critical)

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

CWE-781999

CVE-2005-10003

MEDIUM

CVSS:9.8(Critical)

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possib...

CWE-782005

CVE-2011-2195

CRITICAL

CVSS:9.8(Critical)

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument ...

CWE-782011

CVE-2011-2523

CRITICAL

CVSS:9.8(Critical)

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

CWE-782011

CVE-2012-5878

CRITICAL

CVSS:9.8(Critical)

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (...

CWE-782012

CVE-2013-1599

CRITICAL

CVSS:9.8(Critical)

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-110...

CWE-782013