CVE-2020-36762
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jul 18, 2023
Updated: May 17, 2024
CWE ID 78
Summary
CVE-2020-36762 is a critical vulnerability affecting ONS Digital RAS Collection Instrument versions up to 2.0.27. The issue lies within the jobs function of the file .github/workflows/comment.yml, which allows for os command injection due to the manipulation of the $COMMENT_BODY argument. To mitigate this risk, upgrading to version 2.0.28 is advised, with the patch identified as dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is strongly recommended to apply this update as soon as possible to secure against potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- UK Office for National Statistics