A remote code execution vulnerability exists when the... · CVE-2020-0646 · GitHub Advisory Database · GitHub

A remote code execution vulnerability exists when the...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Feb 7, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

References

Published by the National Vulnerability Database

Jan 14, 2020

Published to the GitHub Advisory Database May 24, 2022

Last updated Feb 7, 2025

Weaknesses

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Learn more on MITRE.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Learn more on MITRE.

CWE-91

XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. Learn more on MITRE.