CVE-2020-28476 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-28476 PUBLISHED

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

EPSS 0.24% · 64.0th percentile

Risk Scores

EPSS Score

0.24%

64.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	python-tornado	4.5.2-1, 4.5.3-1ubuntu0.2+esm2, 4.5.3-1ubuntu0.2+esm1
Ubuntu:20.04:LTS	python-tornado4	4.5.3-3build2, 0, 4.5.3-3
Ubuntu:Pro:16.04:LTS	python-tornado	4.2.1-1ubuntu3, 4.2.1-1ubuntu2, 0
Ubuntu:Pro:20.04:LTS	python-tornado	6.0.3+really5.1.1-2build1, 6.0.3+really5.1.1-2build2, 6.0.3+really5.1.1-3

Timeline

Jan 18, 2021 CVE Published
Jan 28, 2021 CVE Updated
Feb 8, 2024 EPSS Score
Feb 22, 2024 EPSS Score
Mar 7, 2024 EPSS Score
Mar 20, 2024 EPSS Score
Apr 3, 2024 EPSS Score
Apr 17, 2024 EPSS Score
May 1, 2024 EPSS Score
May 15, 2024 EPSS Score
May 29, 2024 EPSS Score
Jun 11, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2020-28476 third-party-advisory
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ third-party-advisory
https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-28476 third-party-advisory

Open in Interactive Console →