[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-10696":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":58,"duplicate_of":9,"upstream":61,"downstream":62,"duplicates":105,"related":106,"reserved_at":9,"published_at":123,"modified_at":124,"state":125,"summary":126,"references_raw":134,"kevs":177,"epss":178,"epss_history":181,"metrics":441,"affected":456},"CVE-2020-10696","A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41,50],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_CONTAINERS_BUILDAH","Buildah","github","https://github.com/containers/buildah/pull/2245","poc",0.3,false,[],{"_key":51,"name":52,"source":53,"url":54,"maturity":55,"reliability_score":56,"verified":48,"type":9,"platforms":57,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_20A360B177B6B314","Exploit Reference (bugzilla.redhat.com)","reference","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696","unknown",0.2,[],[59,60],"GHSA-fx8w-mjvm-hvpc","GO-2022-0828",[],[63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103],{"_key":64},"SUSE-SU-2020:3423-1",{"_key":66},"SUSE-SU-2022:0770-1",{"_key":68},"SUSE-SU-2022:3480-1",{"_key":70},"SUSE-SU-2022:3655-1",{"_key":72},"SUSE-SU-2022:3766-1",{"_key":74},"SUSE-SU-2022:4349-1",{"_key":76},"SUSE-SU-2022:4350-1",{"_key":78},"OPENSUSE-SU-2020:2106-1",{"_key":80},"OPENSUSE-SU-2021:0310-1",{"_key":82},"OPENSUSE-SU-2022:0770-1",{"_key":84},"OPENSUSE-SU-2024:10666-1",{"_key":86},"OPENSUSE-SU-2024:14599-1",{"_key":88},"RHSA-2020:1396",{"_key":90},"RHSA-2020:1401",{"_key":92},"RHSA-2020:1449",{"_key":94},"RHSA-2020:1926",{"_key":96},"RHSA-2020:1931",{"_key":98},"RHSA-2020:1932",{"_key":100},"RHSA-2020:2116",{"_key":102},"RHSA-2020:2117",{"_key":104},"DEBIAN-CVE-2020-10696",[],[107,108,109,110,111,112,113,114,115,116,117,118,119,121],{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":120},"CGA-2X82-JH2M-C6CJ",{"_key":122},"CGA-896R-32FV-CPPF","2020-03-31T21:01:22.000Z","2024-08-04T11:06:11.148Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":127,"epss_score":128,"severity":129,"severity_score":130,"severity_version":131,"severity_source":132,"severity_vector":133,"severity_status":125},"low",0.00258,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[135,146,151,155,160,164,169,173],{"url":54,"sources":136,"tags":139},[137,132,138],"cve.org","osv_go",[140,141,142,143,144,145],"X Refsource CONFIRM","Exploit","Issue Tracking","Patch","Third Party Advisory","WEB",{"url":45,"sources":147,"tags":148},[137,132,138],[149,141,144,145,150],"X Refsource MISC","FIX",{"url":152,"sources":153,"tags":154},"https://access.redhat.com/security/cve/cve-2020-10696",[137,132,138],[149,144,145],{"url":156,"sources":157,"tags":158},"https://nvd.nist.gov/vuln/detail/CVE-2020-10696",[138],[159],"Advisory",{"url":161,"sources":162,"tags":163},"https://bugzilla.redhat.com/show_bug.cgi?id=1817651",[138],[145],{"url":165,"sources":166,"tags":167},"https://github.com/containers/buildah",[138],[168],"PACKAGE",{"url":170,"sources":171,"tags":172},"https://pkg.go.dev/vuln/GO-2022-0828",[138],[145],{"url":174,"sources":175,"tags":176},"https://github.com/advisories/GHSA-fx8w-mjvm-hvpc",[138],[159],[],{"date":179,"score":128,"percentile":180},"2026-06-04",0.49429,[182,186,189,192,195,198,201,204,207,209,212,215,218,220,223,227,230,233,236,239,241,244,246,249,252,254,257,260,263,266,269,272,274,276,279,283,286,289,292,295,298,300,303,306,309,312,315,317,320,323,326,328,331,333,336,339,342,345,348,351,354,356,359,362,365,368,371,374,377,379,382,384,387,390,393,396,398,401,404,407,409,411,415,418,421,425,429,432,435,438],{"date":183,"score":184,"percentile":185},"2025-11-04",0.00873,0.745,{"date":187,"score":184,"percentile":188},"2025-11-05",0.7449,{"date":190,"score":184,"percentile":191},"2025-11-06",0.74488,{"date":193,"score":184,"percentile":194},"2025-11-07",0.74505,{"date":196,"score":184,"percentile":197},"2025-11-08",0.74503,{"date":199,"score":184,"percentile":200},"2025-11-09",0.74498,{"date":202,"score":184,"percentile":203},"2025-11-10",0.74483,{"date":205,"score":184,"percentile":206},"2025-11-11",0.74486,{"date":208,"score":184,"percentile":194},"2025-11-12",{"date":210,"score":184,"percentile":211},"2025-11-13",0.74513,{"date":213,"score":184,"percentile":214},"2025-11-14",0.74517,{"date":216,"score":184,"percentile":217},"2025-11-15",0.74514,{"date":219,"score":184,"percentile":211},"2025-11-16",{"date":221,"score":184,"percentile":222},"2025-11-17",0.74506,{"date":224,"score":225,"percentile":226},"2025-11-18",0.01362,0.78514,{"date":228,"score":225,"percentile":229},"2025-11-19",0.78523,{"date":231,"score":225,"percentile":232},"2025-11-20",0.78531,{"date":234,"score":184,"percentile":235},"2025-11-21",0.74531,{"date":237,"score":184,"percentile":238},"2025-11-22",0.74519,{"date":240,"score":184,"percentile":194},"2025-11-23",{"date":242,"score":184,"percentile":243},"2025-11-24",0.74501,{"date":245,"score":184,"percentile":197},"2025-11-25",{"date":247,"score":184,"percentile":248},"2025-11-26",0.7451,{"date":250,"score":184,"percentile":251},"2025-11-27",0.74511,{"date":253,"score":184,"percentile":185},"2025-11-28",{"date":255,"score":184,"percentile":256},"2025-11-29",0.74497,{"date":258,"score":184,"percentile":259},"2025-11-30",0.74496,{"date":261,"score":184,"percentile":262},"2025-12-01",0.74627,{"date":264,"score":184,"percentile":265},"2025-12-02",0.74633,{"date":267,"score":184,"percentile":268},"2025-12-03",0.74623,{"date":270,"score":184,"percentile":271},"2025-12-04",0.74492,{"date":273,"score":184,"percentile":243},"2025-12-05",{"date":275,"score":184,"percentile":194},"2025-12-06",{"date":277,"score":184,"percentile":278},"2025-12-07",0.74502,{"date":280,"score":281,"percentile":282},"2025-12-08",0.00793,0.73189,{"date":284,"score":281,"percentile":285},"2025-12-09",0.73215,{"date":287,"score":281,"percentile":288},"2025-12-10",0.73249,{"date":290,"score":281,"percentile":291},"2025-12-11",0.73267,{"date":293,"score":281,"percentile":294},"2025-12-12",0.73291,{"date":296,"score":281,"percentile":297},"2025-12-13",0.73294,{"date":299,"score":281,"percentile":297},"2025-12-14",{"date":301,"score":281,"percentile":302},"2025-12-15",0.73296,{"date":304,"score":281,"percentile":305},"2025-12-16",0.73306,{"date":307,"score":281,"percentile":308},"2025-12-17",0.73317,{"date":310,"score":281,"percentile":311},"2025-12-18",0.7334,{"date":313,"score":281,"percentile":314},"2025-12-19",0.73358,{"date":316,"score":281,"percentile":314},"2025-12-20",{"date":318,"score":281,"percentile":319},"2025-12-21",0.73353,{"date":321,"score":281,"percentile":322},"2025-12-22",0.73351,{"date":324,"score":281,"percentile":325},"2025-12-23",0.73341,{"date":327,"score":281,"percentile":322},"2025-12-24",{"date":329,"score":281,"percentile":330},"2025-12-25",0.73378,{"date":332,"score":281,"percentile":330},"2025-12-26",{"date":334,"score":281,"percentile":335},"2025-12-27",0.73391,{"date":337,"score":281,"percentile":338},"2025-12-28",0.73355,{"date":340,"score":281,"percentile":341},"2025-12-29",0.7335,{"date":343,"score":281,"percentile":344},"2025-12-30",0.73364,{"date":346,"score":281,"percentile":347},"2025-12-31",0.73393,{"date":349,"score":281,"percentile":350},"2026-01-01",0.73544,{"date":352,"score":281,"percentile":353},"2026-01-02",0.73543,{"date":355,"score":281,"percentile":353},"2026-01-03",{"date":357,"score":281,"percentile":358},"2026-01-04",0.73405,{"date":360,"score":281,"percentile":361},"2026-01-05",0.73397,{"date":363,"score":281,"percentile":364},"2026-01-06",0.7341,{"date":366,"score":281,"percentile":367},"2026-01-07",0.73419,{"date":369,"score":281,"percentile":370},"2026-01-08",0.73429,{"date":372,"score":281,"percentile":373},"2026-01-09",0.73432,{"date":375,"score":281,"percentile":376},"2026-01-10",0.73427,{"date":378,"score":281,"percentile":367},"2026-01-11",{"date":380,"score":281,"percentile":381},"2026-01-12",0.73408,{"date":383,"score":281,"percentile":358},"2026-01-13",{"date":385,"score":281,"percentile":386},"2026-01-14",0.7343,{"date":388,"score":281,"percentile":389},"2026-01-15",0.73439,{"date":391,"score":281,"percentile":392},"2026-01-16",0.73457,{"date":394,"score":281,"percentile":395},"2026-01-17",0.73453,{"date":397,"score":281,"percentile":376},"2026-01-18",{"date":399,"score":281,"percentile":400},"2026-01-19",0.73414,{"date":402,"score":281,"percentile":403},"2026-01-20",0.73416,{"date":405,"score":281,"percentile":406},"2026-01-21",0.7342,{"date":408,"score":281,"percentile":376},"2026-01-22",{"date":410,"score":281,"percentile":392},"2026-01-23",{"date":412,"score":413,"percentile":414},"2026-01-24",0.00682,0.71123,{"date":416,"score":413,"percentile":417},"2026-01-25",0.71099,{"date":419,"score":413,"percentile":420},"2026-01-26",0.71094,{"date":422,"score":423,"percentile":424},"2026-01-27",0.00493,0.65108,{"date":426,"score":427,"percentile":428},"2026-01-28",0.00301,0.52975,{"date":430,"score":427,"percentile":431},"2026-01-29",0.52971,{"date":433,"score":427,"percentile":434},"2026-01-30",0.52973,{"date":436,"score":427,"percentile":437},"2026-01-31",0.52979,{"date":439,"score":427,"percentile":440},"2026-02-01",0.53116,[442,449,454],{"source":137,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":9},{"baseScore":444,"baseSeverity":445,"vectorString":446,"impactScore":447,"exploitabilityScore":448},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,7.2,{"source":132,"cvss_v2_0":450,"cvss_v3_0":9,"cvss_v3_1":453,"cvss_v4_0":9},{"baseScore":130,"baseSeverity":9,"vectorString":133,"impactScore":451,"exploitabilityScore":452},10,8.6,{"baseScore":444,"baseSeverity":445,"vectorString":446,"impactScore":447,"exploitabilityScore":448},{"source":138,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":444,"baseSeverity":9,"vectorString":446,"impactScore":447,"exploitabilityScore":448},[457,468,478,484,494],{"ecosystem":9,"name":458,"vendor":459,"product":458,"cpe_part":460,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":461},"buildah","buildah_project","a",[462],{"version":463,"is_range":464,"range_type":465,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},"lt1.14.5",true,"cpe","1.14.5","excluding",{"ecosystem":469,"name":470,"vendor":471,"product":458,"cpe_part":9,"purl_type":472,"purl_namespace":471,"purl_name":458,"source":9,"versions":473},"Go","github.com/containers/buildah","github.com/containers","golang",[474],{"version":475,"is_range":464,"range_type":476,"version_start":9,"version_start_type":9,"version_end":477,"version_end_type":467,"fixed_in":9},"lt1_14_4","semver","1.14.4",{"ecosystem":9,"name":458,"vendor":479,"product":458,"cpe_part":460,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":480},"red hat",[481],{"version":482,"is_range":48,"range_type":137,"version_start":482,"version_start_type":483,"version_end":482,"version_end_type":483,"fixed_in":9},"Fixed in buildah-1.14.5","including",{"ecosystem":9,"name":485,"vendor":486,"product":487,"cpe_part":488,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"enterprise linux","redhat","enterprise_linux","o",[490,492],{"version":491,"is_range":48,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":493,"is_range":48,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":495,"vendor":486,"product":496,"cpe_part":460,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":497},"openshift container platform","openshift_container_platform",[498],{"version":499,"is_range":48,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.11"]