Critical severityNVD Advisory· Published Jan 13, 2020· Updated Aug 4, 2024
CVE-2020-6948
CVE-2020-6948
Description
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hashbrown-cmsnpm | < 1.3.4 | 1.3.4 |
Affected products
2- HashBrown/HashBrown CMSdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-4gjv-5jjp-rcghghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-6948ghsaADVISORY
- github.com/HashBrownCMS/hashbrown-cms/commit/ff95bbad391fb7111355c643cadc02fe8792d758ghsaWEB
- github.com/HashBrownCMS/hashbrown-cms/issues/326ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.