VDB
CVE-2020-28476
CVE-2020-28476
PUBLISHED
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
EPSS 0.24% · 64.0th percentile
Risk Scores
EPSS Score
0.24%
64.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | python-tornado | 0, 4.5.1-2.1~build2, 4.5.3-1 |
| Ubuntu:20.04:LTS | python-tornado4 | 4.5.3-3, 4.5.3-3build1, 4.5.3-3build2 |
| Ubuntu:Pro:16.04:LTS | python-tornado | *, 0, 4.2.1-1ubuntu3 |
| Ubuntu:Pro:20.04:LTS | python-tornado | 6.0.3+really5.1.1-2build1, 6.0.3+really5.1.1-2, 5.1.1-4ubuntu5 |
Timeline
- Jan 18, 2021 CVE Published
- Jan 28, 2021 CVE Updated
- Feb 8, 2024 EPSS Score
- Feb 22, 2024 EPSS Score
- Mar 7, 2024 EPSS Score
- Mar 20, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 1, 2024 EPSS Score
- May 15, 2024 EPSS Score
- May 29, 2024 EPSS Score
- Jun 11, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-28476 third-party-advisory
- https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ third-party-advisory
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-28476 third-party-advisory