CVE-2020-36762
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jul 18, 2023
Updated: May 17, 2024
CWE ID 78
Summary
CVE-2020-36762 is a critical vulnerability affecting ONS Digital RAS Collection Instrument versions up to 2.0.27. The issue lies within the jobs function of the file .github/workflows/comment.yml, which allows for os command injection due to the manipulation of the $COMMENT_BODY argument. To mitigate this risk, upgrading to version 2.0.28 is advised, with the patch identified as dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is strongly recommended to apply this update as soon as possible to secure against potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- UK Office for National Statistics
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2020-36762 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions