CVE-2020-21699

{"id": "CVE-2020-21699", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-08-22T19:16:15.847", "references": [{"url": "https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6%28Tengine%29.docx", "source": "cve@mitre.org"}, {"url": "https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6%28Tengine%29.docx", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests."}], "lastModified": "2024-11-21T05:12:48.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alibaba:tengine:2.2.2:*:*:*:*:nginx:*:*", "vulnerable": true, "matchCriteriaId": "B93765C2-94DC-442F-9D73-D32A947A313F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}