[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-10687":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":54,"related":55,"reserved_at":9,"published_at":56,"modified_at":57,"state":58,"summary":59,"references_raw":68,"kevs":104,"epss":105,"epss_history":108,"metrics":369,"affected":382},"CVE-2020-10687","A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29],"GHSA-p9w3-gwc2-cr49",[],[32,34,36,38,40,42,44,46,48,50,52],{"_key":33},"DEBIAN-CVE-2020-10687",{"_key":35},"RHSA-2020:3461",{"_key":37},"RHSA-2020:3462",{"_key":39},"RHSA-2020:3463",{"_key":41},"RHSA-2020:3637",{"_key":43},"RHSA-2020:3638",{"_key":45},"RHSA-2020:3639",{"_key":47},"RHSA-2021:0872",{"_key":49},"RHSA-2021:0873",{"_key":51},"RHSA-2021:0874",{"_key":53},"UBUNTU-CVE-2020-10687",[],[],"2020-09-23T12:30:43.000Z","2024-08-04T11:06:11.126Z","Modified",{"cisa_kev":60,"cisa_ransomware":60,"cisa_vendor":9,"epss_severity":61,"epss_score":62,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":58},false,"low",0.00123,"medium",5.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:P/A:N",[69,79,85,91,96,100],{"url":70,"sources":71,"tags":74},"https://bugzilla.redhat.com/show_bug.cgi?id=1785049",[72,66,73],"cve.org","osv_maven",[75,76,77,78],"X Refsource MISC","Issue Tracking","Vendor Advisory","WEB",{"url":80,"sources":81,"tags":82},"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3E",[72,66],[83,84],"Mailing List","X Refsource MLIST",{"url":86,"sources":87,"tags":88},"https://security.netapp.com/advisory/ntap-20220210-0015/",[72,66],[89,90],"X Refsource CONFIRM","Third Party Advisory",{"url":92,"sources":93,"tags":94},"https://nvd.nist.gov/vuln/detail/CVE-2020-10687",[73],[95],"Advisory",{"url":97,"sources":98,"tags":99},"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E",[73],[78],{"url":101,"sources":102,"tags":103},"https://security.netapp.com/advisory/ntap-20220210-0015",[73],[78],[],{"date":106,"score":62,"percentile":107},"2026-06-04",0.30933,[109,113,116,119,122,124,127,130,133,136,139,142,145,148,151,154,157,160,163,165,168,171,174,176,179,182,185,188,191,194,197,199,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,252,255,258,261,264,266,268,271,274,276,279,282,285,288,291,294,296,298,301,304,307,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366],{"date":110,"score":111,"percentile":112},"2025-11-04",0.0021,0.43441,{"date":114,"score":111,"percentile":115},"2025-11-05",0.43439,{"date":117,"score":111,"percentile":118},"2025-11-06",0.4345,{"date":120,"score":111,"percentile":121},"2025-11-07",0.43475,{"date":123,"score":111,"percentile":121},"2025-11-08",{"date":125,"score":111,"percentile":126},"2025-11-09",0.43452,{"date":128,"score":111,"percentile":129},"2025-11-10",0.43412,{"date":131,"score":111,"percentile":132},"2025-11-11",0.4343,{"date":134,"score":111,"percentile":135},"2025-11-12",0.43469,{"date":137,"score":111,"percentile":138},"2025-11-13",0.43482,{"date":140,"score":111,"percentile":141},"2025-11-14",0.43495,{"date":143,"score":111,"percentile":144},"2025-11-15",0.43489,{"date":146,"score":111,"percentile":147},"2025-11-16",0.43474,{"date":149,"score":111,"percentile":150},"2025-11-17",0.43444,{"date":152,"score":111,"percentile":153},"2025-11-18",0.39174,{"date":155,"score":111,"percentile":156},"2025-11-19",0.39183,{"date":158,"score":111,"percentile":159},"2025-11-20",0.39184,{"date":161,"score":111,"percentile":162},"2025-11-21",0.43426,{"date":164,"score":111,"percentile":162},"2025-11-22",{"date":166,"score":111,"percentile":167},"2025-11-23",0.43402,{"date":169,"score":111,"percentile":170},"2025-11-24",0.43393,{"date":172,"score":111,"percentile":173},"2025-11-25",0.43404,{"date":175,"score":111,"percentile":173},"2025-11-26",{"date":177,"score":111,"percentile":178},"2025-11-27",0.43411,{"date":180,"score":111,"percentile":181},"2025-11-28",0.43381,{"date":183,"score":111,"percentile":184},"2025-11-29",0.4336,{"date":186,"score":111,"percentile":187},"2025-11-30",0.43339,{"date":189,"score":111,"percentile":190},"2025-12-01",0.43464,{"date":192,"score":111,"percentile":193},"2025-12-02",0.43477,{"date":195,"score":111,"percentile":196},"2025-12-03",0.43479,{"date":198,"score":111,"percentile":187},"2025-12-04",{"date":200,"score":111,"percentile":201},"2025-12-05",0.43364,{"date":203,"score":111,"percentile":204},"2025-12-06",0.43359,{"date":206,"score":111,"percentile":207},"2025-12-07",0.4334,{"date":209,"score":111,"percentile":210},"2025-12-08",0.43344,{"date":212,"score":111,"percentile":213},"2025-12-09",0.43377,{"date":215,"score":111,"percentile":216},"2025-12-10",0.43446,{"date":218,"score":111,"percentile":219},"2025-12-11",0.43476,{"date":221,"score":111,"percentile":222},"2025-12-12",0.43503,{"date":224,"score":111,"percentile":225},"2025-12-13",0.43484,{"date":227,"score":111,"percentile":228},"2025-12-14",0.43451,{"date":230,"score":111,"percentile":231},"2025-12-15",0.43434,{"date":233,"score":111,"percentile":234},"2025-12-16",0.43459,{"date":236,"score":111,"percentile":237},"2025-12-17",0.43501,{"date":239,"score":111,"percentile":240},"2025-12-18",0.4354,{"date":242,"score":111,"percentile":243},"2025-12-19",0.43559,{"date":245,"score":111,"percentile":246},"2025-12-20",0.43537,{"date":248,"score":111,"percentile":249},"2025-12-21",0.435,{"date":251,"score":111,"percentile":219},"2025-12-22",{"date":253,"score":111,"percentile":254},"2025-12-23",0.43471,{"date":256,"score":111,"percentile":257},"2025-12-24",0.43486,{"date":259,"score":111,"percentile":260},"2025-12-25",0.43536,{"date":262,"score":111,"percentile":263},"2025-12-26",0.43518,{"date":265,"score":111,"percentile":240},"2025-12-27",{"date":267,"score":111,"percentile":150},"2025-12-28",{"date":269,"score":111,"percentile":270},"2025-12-29",0.43425,{"date":272,"score":111,"percentile":273},"2025-12-30",0.43419,{"date":275,"score":111,"percentile":190},"2025-12-31",{"date":277,"score":111,"percentile":278},"2026-01-01",0.43605,{"date":280,"score":111,"percentile":281},"2026-01-02",0.4358,{"date":283,"score":111,"percentile":284},"2026-01-03",0.43571,{"date":286,"score":111,"percentile":287},"2026-01-04",0.43407,{"date":289,"score":111,"percentile":290},"2026-01-05",0.43387,{"date":292,"score":111,"percentile":293},"2026-01-06",0.43388,{"date":295,"score":111,"percentile":287},"2026-01-07",{"date":297,"score":111,"percentile":231},"2026-01-08",{"date":299,"score":111,"percentile":300},"2026-01-09",0.43413,{"date":302,"score":111,"percentile":303},"2026-01-10",0.43414,{"date":305,"score":111,"percentile":306},"2026-01-11",0.43389,{"date":308,"score":111,"percentile":207},"2026-01-12",{"date":310,"score":111,"percentile":311},"2026-01-13",0.43319,{"date":313,"score":111,"percentile":314},"2026-01-14",0.43369,{"date":316,"score":111,"percentile":317},"2026-01-15",0.43362,{"date":319,"score":62,"percentile":320},"2026-01-16",0.32152,{"date":322,"score":62,"percentile":323},"2026-01-17",0.3214,{"date":325,"score":62,"percentile":326},"2026-01-18",0.32086,{"date":328,"score":62,"percentile":329},"2026-01-19",0.32053,{"date":331,"score":62,"percentile":332},"2026-01-20",0.32037,{"date":334,"score":62,"percentile":335},"2026-01-21",0.31988,{"date":337,"score":62,"percentile":338},"2026-01-22",0.31965,{"date":340,"score":62,"percentile":341},"2026-01-23",0.32029,{"date":343,"score":62,"percentile":344},"2026-01-24",0.32043,{"date":346,"score":62,"percentile":347},"2026-01-25",0.31974,{"date":349,"score":62,"percentile":350},"2026-01-26",0.31884,{"date":352,"score":62,"percentile":353},"2026-01-27",0.3187,{"date":355,"score":62,"percentile":356},"2026-01-28",0.31846,{"date":358,"score":62,"percentile":359},"2026-01-29",0.31804,{"date":361,"score":62,"percentile":362},"2026-01-30",0.31794,{"date":364,"score":62,"percentile":365},"2026-01-31",0.31806,{"date":367,"score":62,"percentile":368},"2026-02-01",0.31896,[370,380],{"source":66,"cvss_v2_0":371,"cvss_v3_0":9,"cvss_v3_1":374,"cvss_v4_0":9},{"baseScore":64,"baseSeverity":9,"vectorString":67,"impactScore":372,"exploitabilityScore":373},4.9,8.6,{"baseScore":375,"baseSeverity":376,"vectorString":377,"impactScore":378,"exploitabilityScore":379},4.8,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",4.2,5.6,{"source":73,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":381,"cvss_v4_0":9},{"baseScore":375,"baseSeverity":9,"vectorString":377,"impactScore":378,"exploitabilityScore":379},[383,396,411,416],{"ecosystem":384,"name":385,"vendor":386,"product":387,"cpe_part":9,"purl_type":388,"purl_namespace":386,"purl_name":387,"source":9,"versions":389},"Maven","io.undertow:undertow-core","io.undertow","undertow-core","maven",[390],{"version":391,"is_range":392,"range_type":393,"version_start":9,"version_start_type":9,"version_end":394,"version_end_type":395,"fixed_in":9},"lt2_2_0_Final",true,"ecosystem","2.2.0.Final","excluding",{"ecosystem":9,"name":397,"vendor":398,"product":399,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":401},"jboss enterprise application platform","redhat","jboss_enterprise_application_platform","a",[402,405,407,409],{"version":403,"is_range":60,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe",{"version":406,"is_range":60,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.2",{"version":408,"is_range":60,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.3",{"version":410,"is_range":60,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"ecosystem":9,"name":412,"vendor":398,"product":413,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":414},"single sign-on","single_sign-on",[415],{"version":403,"is_range":60,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":417,"vendor":398,"product":417,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"undertow",[419],{"version":420,"is_range":392,"range_type":404,"version_start":9,"version_start_type":9,"version_end":421,"version_end_type":395,"fixed_in":9},"lt2.2.0","2.2.0"]