[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-11100":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":52,"related":53,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":70,"kevs":141,"epss":142,"epss_history":145,"metrics":364,"affected":375},"CVE-2020-11100","In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50],{"_key":25},"ALPINE-CVE-2020-11100",{"_key":27},"RHSA-2020:1287",{"_key":29},"RHSA-2020:1288",{"_key":31},"RHSA-2020:1289",{"_key":33},"RHSA-2020:1290",{"_key":35},"RHSA-2020:1936",{"_key":37},"SUSE-SU-2020:0851-1",{"_key":39},"SUSE-SU-2020:0852-1",{"_key":41},"UBUNTU-CVE-2020-11100",{"_key":43},"USN-4321-1",{"_key":45},"OPENSUSE-SU-2020:0444-1",{"_key":47},"OPENSUSE-SU-2024:10839-1",{"_key":49},"DSA-4649-1",{"_key":51},"DEBIAN-CVE-2020-11100",[],[54,55,56,57],{"_key":37},{"_key":39},{"_key":45},{"_key":47},"2020-04-02T14:23:05.000Z","2024-08-04T11:21:14.619Z","Modified",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":65,"severity_score":66,"severity_version":67,"severity_source":68,"severity_vector":69,"severity_status":60},false,"critical",0.74396,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[71,78,84,90,94,99,103,107,112,117,122,127,132,136],{"url":72,"sources":73,"tags":75},"http://www.haproxy.org",[74,68],"cve.org",[76,77],"X Refsource MISC","Vendor Advisory",{"url":79,"sources":80,"tags":81},"https://www.haproxy.org/download/2.1/src/CHANGELOG",[74,68],[82,83,77],"X Refsource CONFIRM","Release Notes",{"url":85,"sources":86,"tags":87},"https://lists.debian.org/debian-security-announce/2020/msg00052.html",[74,68],[82,88,89],"Mailing List","Third Party Advisory",{"url":91,"sources":92,"tags":93},"https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html",[74,68],[82],{"url":95,"sources":96,"tags":97},"https://bugzilla.redhat.com/show_bug.cgi?id=1819111",[74,68],[82,98,89],"Issue Tracking",{"url":100,"sources":101,"tags":102},"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88",[74,68],[82],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/show_bug.cgi?id=1168023",[74,68],[82,98,89],{"url":108,"sources":109,"tags":110},"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html",[74,68],[77,111,88,89],"X Refsource SUSE",{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/",[74,68],[77,116],"X Refsource FEDORA",{"url":118,"sources":119,"tags":120},"https://www.debian.org/security/2020/dsa-4649",[74,68],[77,121,89],"X Refsource DEBIAN",{"url":123,"sources":124,"tags":125},"https://usn.ubuntu.com/4321-1/",[74,68],[77,126,89],"X Refsource UBUNTU",{"url":128,"sources":129,"tags":130},"http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html",[74,68],[76,89,131],"VDB Entry",{"url":133,"sources":134,"tags":135},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/",[74,68],[77,116],{"url":137,"sources":138,"tags":139},"https://security.gentoo.org/glsa/202012-22",[74,68],[77,140,89],"X Refsource GENTOO",[],{"date":143,"score":64,"percentile":144},"2026-06-04",0.98865,[146,150,153,155,158,160,163,165,167,169,172,174,176,178,180,184,187,189,191,193,195,197,199,201,204,207,209,211,215,217,220,223,226,228,230,232,235,238,241,244,247,249,251,254,256,259,261,263,265,267,269,271,273,275,279,281,284,286,289,292,294,297,300,302,304,307,309,311,314,316,318,320,322,324,326,328,330,332,334,336,338,340,344,346,348,350,352,355,358,360],{"date":147,"score":148,"percentile":149},"2025-11-04",0.75554,0.98837,{"date":151,"score":148,"percentile":152},"2025-11-05",0.98836,{"date":154,"score":148,"percentile":152},"2025-11-06",{"date":156,"score":148,"percentile":157},"2025-11-07",0.98833,{"date":159,"score":148,"percentile":157},"2025-11-08",{"date":161,"score":148,"percentile":162},"2025-11-09",0.98834,{"date":164,"score":148,"percentile":162},"2025-11-10",{"date":166,"score":148,"percentile":157},"2025-11-11",{"date":168,"score":148,"percentile":162},"2025-11-12",{"date":170,"score":148,"percentile":171},"2025-11-13",0.98835,{"date":173,"score":148,"percentile":171},"2025-11-14",{"date":175,"score":148,"percentile":162},"2025-11-15",{"date":177,"score":148,"percentile":171},"2025-11-16",{"date":179,"score":148,"percentile":152},"2025-11-17",{"date":181,"score":182,"percentile":183},"2025-11-18",0.91434,0.99738,{"date":185,"score":182,"percentile":186},"2025-11-19",0.99739,{"date":188,"score":182,"percentile":186},"2025-11-20",{"date":190,"score":148,"percentile":152},"2025-11-21",{"date":192,"score":148,"percentile":171},"2025-11-22",{"date":194,"score":148,"percentile":152},"2025-11-23",{"date":196,"score":148,"percentile":149},"2025-11-24",{"date":198,"score":148,"percentile":149},"2025-11-25",{"date":200,"score":148,"percentile":149},"2025-11-26",{"date":202,"score":148,"percentile":203},"2025-11-27",0.98838,{"date":205,"score":148,"percentile":206},"2025-11-28",0.98839,{"date":208,"score":148,"percentile":206},"2025-11-29",{"date":210,"score":148,"percentile":206},"2025-11-30",{"date":212,"score":213,"percentile":214},"2025-12-01",0.43574,0.97382,{"date":216,"score":213,"percentile":214},"2025-12-02",{"date":218,"score":213,"percentile":219},"2025-12-03",0.97381,{"date":221,"score":148,"percentile":222},"2025-12-04",0.9884,{"date":224,"score":148,"percentile":225},"2025-12-05",0.98841,{"date":227,"score":148,"percentile":222},"2025-12-06",{"date":229,"score":148,"percentile":225},"2025-12-07",{"date":231,"score":148,"percentile":225},"2025-12-08",{"date":233,"score":148,"percentile":234},"2025-12-09",0.98842,{"date":236,"score":148,"percentile":237},"2025-12-10",0.98844,{"date":239,"score":148,"percentile":240},"2025-12-11",0.98845,{"date":242,"score":148,"percentile":243},"2025-12-12",0.98846,{"date":245,"score":148,"percentile":246},"2025-12-13",0.98847,{"date":248,"score":148,"percentile":246},"2025-12-14",{"date":250,"score":148,"percentile":246},"2025-12-15",{"date":252,"score":148,"percentile":253},"2025-12-16",0.98848,{"date":255,"score":148,"percentile":246},"2025-12-17",{"date":257,"score":148,"percentile":258},"2025-12-18",0.98849,{"date":260,"score":148,"percentile":253},"2025-12-19",{"date":262,"score":148,"percentile":253},"2025-12-20",{"date":264,"score":148,"percentile":246},"2025-12-21",{"date":266,"score":148,"percentile":246},"2025-12-22",{"date":268,"score":148,"percentile":253},"2025-12-23",{"date":270,"score":148,"percentile":253},"2025-12-24",{"date":272,"score":148,"percentile":258},"2025-12-25",{"date":274,"score":148,"percentile":253},"2025-12-26",{"date":276,"score":277,"percentile":278},"2025-12-27",0.01612,0.81384,{"date":280,"score":148,"percentile":258},"2025-12-28",{"date":282,"score":148,"percentile":283},"2025-12-29",0.9885,{"date":285,"score":148,"percentile":283},"2025-12-30",{"date":287,"score":148,"percentile":288},"2025-12-31",0.98851,{"date":290,"score":213,"percentile":291},"2026-01-01",0.97411,{"date":293,"score":213,"percentile":291},"2026-01-02",{"date":295,"score":213,"percentile":296},"2026-01-03",0.9741,{"date":298,"score":148,"percentile":299},"2026-01-04",0.98853,{"date":301,"score":148,"percentile":299},"2026-01-05",{"date":303,"score":148,"percentile":299},"2026-01-06",{"date":305,"score":148,"percentile":306},"2026-01-07",0.98852,{"date":308,"score":148,"percentile":299},"2026-01-08",{"date":310,"score":148,"percentile":299},"2026-01-09",{"date":312,"score":148,"percentile":313},"2026-01-10",0.98854,{"date":315,"score":148,"percentile":299},"2026-01-11",{"date":317,"score":148,"percentile":299},"2026-01-12",{"date":319,"score":148,"percentile":306},"2026-01-13",{"date":321,"score":148,"percentile":313},"2026-01-14",{"date":323,"score":148,"percentile":299},"2026-01-15",{"date":325,"score":148,"percentile":299},"2026-01-16",{"date":327,"score":148,"percentile":299},"2026-01-17",{"date":329,"score":148,"percentile":299},"2026-01-18",{"date":331,"score":148,"percentile":299},"2026-01-19",{"date":333,"score":148,"percentile":299},"2026-01-20",{"date":335,"score":148,"percentile":299},"2026-01-21",{"date":337,"score":148,"percentile":299},"2026-01-22",{"date":339,"score":148,"percentile":313},"2026-01-23",{"date":341,"score":342,"percentile":343},"2026-01-24",0.74791,0.98817,{"date":345,"score":342,"percentile":343},"2026-01-25",{"date":347,"score":342,"percentile":343},"2026-01-26",{"date":349,"score":342,"percentile":343},"2026-01-27",{"date":351,"score":342,"percentile":343},"2026-01-28",{"date":353,"score":342,"percentile":354},"2026-01-29",0.98818,{"date":356,"score":342,"percentile":357},"2026-01-30",0.98819,{"date":359,"score":342,"percentile":357},"2026-01-31",{"date":361,"score":362,"percentile":363},"2026-02-01",0.43665,0.97439,[365],{"source":68,"cvss_v2_0":366,"cvss_v3_0":9,"cvss_v3_1":371,"cvss_v4_0":9},{"baseScore":367,"baseSeverity":9,"vectorString":368,"impactScore":369,"exploitabilityScore":370},6.5,"AV:N/AC:L/Au:S/C:P/I:P/A:P",6.4,8,{"baseScore":66,"baseSeverity":372,"vectorString":69,"impactScore":373,"exploitabilityScore":374},"HIGH",9.8,7.2,[376,387,394,402,413,419],{"ecosystem":9,"name":377,"vendor":378,"product":379,"cpe_part":380,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":381},"ubuntu linux","canonical","ubuntu_linux","o",[382,385],{"version":383,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04","cpe",{"version":386,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.10",{"ecosystem":9,"name":388,"vendor":389,"product":390,"cpe_part":380,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"debian linux","debian","debian_linux",[392],{"version":393,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":395,"vendor":396,"product":395,"cpe_part":380,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":397},"fedora","fedoraproject",[398,400],{"version":399,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":401,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"ecosystem":9,"name":403,"vendor":403,"product":403,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":405},"haproxy","a",[406],{"version":407,"is_range":408,"range_type":384,"version_start":409,"version_start_type":410,"version_end":411,"version_end_type":412,"fixed_in":9},"gte1.8.0_lt2.1.4",true,"1.8.0","including","2.1.4","excluding",{"ecosystem":9,"name":414,"vendor":415,"product":414,"cpe_part":380,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":416},"leap","opensuse",[417],{"version":418,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":420,"vendor":421,"product":422,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":423},"openshift container platform","redhat","openshift_container_platform",[424,426],{"version":425,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.11",{"version":427,"is_range":62,"range_type":384,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0"]