CVE-2020-36642

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36642

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36642.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36642

Published

2023-01-06T11:15:09Z

Modified

2025-10-21T05:53:58.774966Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function runinsandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.

References

Affected packages

Git / github.com/trampgeek/jobe

Affected ranges

Type: GIT
Repo: https://github.com/trampgeek/jobe
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8f43daf50c943b98eaf0c542da901a4a16e85b02

Fixed

f3fd15c42c3bb0481f860a65699b7b91240bb305

Affected versions

v1.*

v1.4.0

v1.4.2

v1.6.0