{"id":"CVE-2020-17363","details":"USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.","modified":"2026-03-14T10:19:15.928044Z","published":"2020-12-31T02:15:12.433Z","references":[{"type":"EVIDENCE","url":"https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-execution/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/usvn/usvn","events":[{"introduced":"0"},{"fixed":"08401edbd528c8e3b07bca9a4b320ca1c9d91424"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0.9"}]}}],"versions":["1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","delete"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17363.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}