PT-2021-11965 · Tinycheck · Tinycheck

Published

2021-01-21

·

Updated

2021-07-21

·

CVE-2020-36199

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TinyCheck versions before 9fd360d and ea53de8
Description: The issue is related to command injection due to insufficient checks of input parameters in several places.
Recommendations: For versions before 9fd360d and ea53de8, update to a version that includes commits 9fd360d and ea53de8 to resolve the issue.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-78

Related Identifiers

CVE-2020-36199
GHSA-J2VJ-MHR6-795M

Affected Products

Tinycheck