npm package
hashbrown-cms
pkg:npm/hashbrown-cms
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-6948 | — | < 1.3.4 | 1.3.4 | Jan 13, 2020 | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. | ||
| CVE-2020-5840 | — | < 1.3.2 | 1.3.2 | Jan 6, 2020 | An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. |
- CVE-2020-6948Jan 13, 2020affected < 1.3.4fixed 1.3.4
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.
- CVE-2020-5840Jan 6, 2020affected < 1.3.2fixed 1.3.2
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.