High severityNVD Advisory· Published Jan 6, 2020· Updated Aug 4, 2024
CVE-2020-5840
CVE-2020-5840
Description
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hashbrown-cmsnpm | < 1.3.2 | 1.3.2 |
Affected products
2- HashBrown/HashBrown CMSdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-q7hx-mrv5-6mrpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-5840ghsaADVISORY
- github.com/HashBrownCMS/hashbrown-cms/commit/6b37b73944447bb29c6aaeb086b04196d80c692aghsaWEB
- github.com/HashBrownCMS/hashbrown-cms/compare/v1.3.1...v1.3.2ghsax_refsource_MISCWEB
- github.com/HashBrownCMS/hashbrown-cms/releases/tag/v1.3.2ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.