CVE-2020-21699
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-21699
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21699.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-21699
- Published
- 2023-08-22T19:16:15Z
- Modified
- 2025-01-14T08:37:43.474057Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.
- References
Affected packages
Git / github.com/alibaba/tengine
Affected ranges
- Type
- GIT
- Repo
- https://github.com/alibaba/tengine
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
tengine-1.*
tengine-1.2.5
tengine-1.3.0
tengine-1.4.0
tengine-1.4.1
tengine-1.4.2
tengine-1.4.3
tengine-1.4.4
tengine-1.4.5
tengine-1.4.6
tengine-1.5.0
tengine-1.5.1
tengine-2.*
tengine-2.0.0
tengine-2.0.1
tengine-2.0.2
tengine-2.0.3
tengine-2.1.0
tengine-2.1.0-f1
tengine-2.1.1
tengine-2.1.1-with-doc
tengine-2.2.0
tengine-2.2.1
tengine-2.2.2