Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7

Type rpm

Namespace redhat

Name rh-nodejs12-nodejs

Version 12.19.1-2

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-fu8u-pxaa-43be

vulnerability_id

VCID-fu8u-pxaa-43be

summary

Prototype Pollution in y18n
### Overview

The npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. 

### POC

```js
const y18n = require('y18n')();

y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});

console.log(polluted); // true
```

### Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7774

reference_id

reference_type

scores

value	0.00469
scoring_system	epss
scoring_elements	0.64567
published_at	2026-04-21T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64564
published_at	2026-04-12T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64581
published_at	2026-04-18T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64569
published_at	2026-04-16T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64536
published_at	2026-04-13T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64455
published_at	2026-04-01T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64509
published_at	2026-04-02T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64538
published_at	2026-04-04T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64496
published_at	2026-04-07T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64545
published_at	2026-04-08T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64561
published_at	2026-04-09T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64576
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7774

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/yargs/y18n

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/y18n

reference_url

https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3

reference_url

https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25

reference_url

https://github.com/yargs/y18n/issues/96

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/y18n/issues/96

reference_url

https://github.com/yargs/y18n/pull/108

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/y18n/pull/108

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7774

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7774

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306

reference_url

https://snyk.io/vuln/SNYK-JS-Y18N-1021887

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-Y18N-1021887

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1898680
reference_id	1898680
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1898680

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390
reference_id	976390
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390

reference_url

https://github.com/advisories/GHSA-c4w7-xm78-47vh

reference_id

GHSA-c4w7-xm78-47vh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c4w7-xm78-47vh

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2020:5305
reference_id	RHSA-2020:5305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5305

reference_url	https://access.redhat.com/errata/RHSA-2020:5499
reference_id	RHSA-2020:5499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5499

reference_url	https://access.redhat.com/errata/RHSA-2020:5633
reference_id	RHSA-2020:5633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5633

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://access.redhat.com/errata/RHSA-2021:2041
reference_id	RHSA-2021:2041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2041

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

fixed_packages

aliases

CVE-2020-7774, GHSA-c4w7-xm78-47vh

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fu8u-pxaa-43be

url

VCID-jqtk-shbr-nkaw

vulnerability_id

VCID-jqtk-shbr-nkaw

summary

yargs-parser Vulnerable to Prototype Pollution
Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  
Parsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.



## Recommendation

Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7608

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31898
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31926
published_at	2026-04-18T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31913
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31947
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31987
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31983
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31955
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31902
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32079
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32038
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.3191
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

reference_url

https://github.com/yargs/yargs-parser

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/yargs-parser

reference_url

https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36

reference_url

https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7608

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7608

reference_url

https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381

reference_url

https://www.npmjs.com/advisories/1500

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1500

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1840004
reference_id	1840004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1840004

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser::::::node.js::*
reference_id	cpe:2.3:a:yargs:yargs-parser::::::node.js::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser::::::node.js::*

reference_url

https://github.com/advisories/GHSA-p9pc-299p-vxgp

reference_id

GHSA-p9pc-299p-vxgp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p9pc-299p-vxgp

reference_url	https://access.redhat.com/errata/RHSA-2020:5305
reference_id	RHSA-2020:5305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5305

reference_url	https://access.redhat.com/errata/RHSA-2020:5499
reference_id	RHSA-2020:5499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5499

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:2041
reference_id	RHSA-2021:2041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2041

reference_url	https://access.redhat.com/errata/RHSA-2021:3917
reference_id	RHSA-2021:3917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3917

fixed_packages

aliases

CVE-2020-7608, GHSA-p9pc-299p-vxgp

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jqtk-shbr-nkaw

url

VCID-kh5k-ynnf-2bbx

vulnerability_id

VCID-kh5k-ynnf-2bbx

summary

Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15366

reference_id

reference_type

scores

value	0.00352
scoring_system	epss
scoring_elements	0.57641
published_at	2026-04-21T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57667
published_at	2026-04-16T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57637
published_at	2026-04-13T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57657
published_at	2026-04-12T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57678
published_at	2026-04-11T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57663
published_at	2026-04-18T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57606
published_at	2026-04-07T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.5763
published_at	2026-04-04T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57609
published_at	2026-04-02T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57659
published_at	2026-04-08T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58193
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15366

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366

reference_url

https://github.com/ajv-validator/ajv

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv

reference_url

https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f

reference_url

https://github.com/ajv-validator/ajv/releases/tag/v6.12.3

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv/releases/tag/v6.12.3

reference_url

https://github.com/ajv-validator/ajv/tags

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ajv-validator/ajv/tags

reference_url

https://hackerone.com/bugs?subject=user&report_id=894259

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/bugs?subject=user&report_id=894259

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15366

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15366

reference_url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857977
reference_id	1857977
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857977

reference_url

https://github.com/advisories/GHSA-v88g-cgmw-v5xw

reference_id

GHSA-v88g-cgmw-v5xw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v88g-cgmw-v5xw

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

reference_url	https://access.redhat.com/errata/RHSA-2020:5305
reference_id	RHSA-2020:5305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5305

reference_url	https://access.redhat.com/errata/RHSA-2020:5499
reference_id	RHSA-2020:5499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5499

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3917
reference_id	RHSA-2021:3917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3917

fixed_packages

aliases

CVE-2020-15366, GHSA-v88g-cgmw-v5xw

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-kh5k-ynnf-2bbx

url

VCID-m4sn-7wuq-e3cd

vulnerability_id

VCID-m4sn-7wuq-e3cd

summary

A Denial of Service vulnerability was discovered in c-ares.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8277

reference_id

reference_type

scores

value	0.59168
scoring_system	epss
scoring_elements	0.98219
published_at	2026-04-01T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.9824
published_at	2026-04-18T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.98233
published_at	2026-04-13T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.98238
published_at	2026-04-21T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.98222
published_at	2026-04-02T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.98225
published_at	2026-04-04T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.98226
published_at	2026-04-07T12:55:00Z

value	0.59168
scoring_system	epss
scoring_elements	0.9823
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8277

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/

reference_url	https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1898554
reference_id	1898554
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1898554

reference_url	https://security.archlinux.org/ASA-202011-18
reference_id	ASA-202011-18
reference_type
scores
url	https://security.archlinux.org/ASA-202011-18

reference_url

https://security.archlinux.org/AVG-1280

reference_id

AVG-1280

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1280

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-8277
reference_id	CVE-2020-8277
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-8277

reference_url	https://security.gentoo.org/glsa/202012-11
reference_id	GLSA-202012-11
reference_type
scores
url	https://security.gentoo.org/glsa/202012-11

reference_url	https://access.redhat.com/errata/RHSA-2020:5305
reference_id	RHSA-2020:5305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5305

reference_url	https://access.redhat.com/errata/RHSA-2020:5499
reference_id	RHSA-2020:5499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5499

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://usn.ubuntu.com/4638-1/
reference_id	USN-4638-1
reference_type
scores
url	https://usn.ubuntu.com/4638-1/

fixed_packages

aliases

CVE-2020-8277

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2%3Farch=el7

Package Instance