[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-16120":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":26,"aliases":27,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":70,"related":71,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":98,"kevs":151,"epss":152,"epss_history":155,"metrics":426,"affected":441},"CVE-2020-16120","Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":9,"capec":25},"CWE-266","Incorrect Privilege Assignment","A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.","weakness","Draft","Base",[],[],[],[],[30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68],{"_key":31},"SUSE-SU-2020:3272-1",{"_key":33},"OPENSUSE-SU-2020:2112-1",{"_key":35},"SUSE-SU-2020:3122-1",{"_key":37},"SUSE-SU-2020:3281-1",{"_key":39},"SUSE-SU-2020:3326-1",{"_key":41},"SUSE-SU-2020:3484-1",{"_key":43},"SUSE-SU-2020:3491-1",{"_key":45},"SUSE-SU-2020:3512-1",{"_key":47},"SUSE-SU-2020:3513-1",{"_key":49},"SUSE-SU-2020:3522-1",{"_key":51},"SUSE-SU-2020:3532-1",{"_key":53},"SUSE-SU-2020:3544-1",{"_key":55},"OPENSUSE-SU-2020:1906-1",{"_key":57},"OPENSUSE-SU-2021:0242-1",{"_key":59},"DEBIAN-CVE-2020-16120",{"_key":61},"LSN-0072-1",{"_key":63},"UBUNTU-CVE-2020-16120",{"_key":65},"USN-4576-1",{"_key":67},"USN-4577-1",{"_key":69},"USN-4578-1",[],[72,73,74,75,76,77,78,79,80,81,82,83,84,85],{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},"2021-02-10T19:45:26.096Z","2024-09-16T18:49:11.997Z","Modified",{"cisa_kev":90,"cisa_ransomware":90,"cisa_vendor":9,"epss_severity":91,"epss_score":92,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":88},false,"low",0.00063,"medium",5.1,"v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",[99,107,111,115,121,127,131,135,139,143,147],{"url":100,"sources":101,"tags":103},"https://ubuntu.com/USN-4576-1",[96,102],"nvd",[104,105,106],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":108,"sources":109,"tags":110},"https://ubuntu.com/USN-4577-1",[96,102],[104,105,106],{"url":112,"sources":113,"tags":114},"https://ubuntu.com/USN-4578-1",[96,102],[104,105,106],{"url":116,"sources":117,"tags":118},"https://www.openwall.com/lists/oss-security/2020/10/14/2",[96,102],[119,120,106],"X Refsource CONFIRM","Mailing List",{"url":122,"sources":123,"tags":124},"https://launchpad.net/bugs/1894980",[96,102],[104,105,125,126,106],"Issue Tracking","Patch",{"url":128,"sources":129,"tags":130},"https://launchpad.net/bugs/1900141",[96,102],[104,105,125,106],{"url":132,"sources":133,"tags":134},"https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",[96,102],[119,126,106],{"url":136,"sources":137,"tags":138},"https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",[96,102],[119,126,106],{"url":140,"sources":141,"tags":142},"https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",[96,102],[119,126,106],{"url":144,"sources":145,"tags":146},"https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",[96,102],[119,126,106],{"url":148,"sources":149,"tags":150},"https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",[96,102],[119,126,106],[],{"date":153,"score":92,"percentile":154},"2026-06-03",0.19802,[156,160,163,166,168,171,174,177,180,183,186,189,192,195,198,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,377,379,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423],{"date":157,"score":158,"percentile":159},"2025-11-04",0.00082,0.24663,{"date":161,"score":158,"percentile":162},"2025-11-05",0.24646,{"date":164,"score":158,"percentile":165},"2025-11-06",0.24653,{"date":167,"score":158,"percentile":159},"2025-11-07",{"date":169,"score":158,"percentile":170},"2025-11-08",0.24667,{"date":172,"score":158,"percentile":173},"2025-11-09",0.24629,{"date":175,"score":158,"percentile":176},"2025-11-10",0.2459,{"date":178,"score":158,"percentile":179},"2025-11-11",0.24595,{"date":181,"score":158,"percentile":182},"2025-11-12",0.24621,{"date":184,"score":158,"percentile":185},"2025-11-13",0.2462,{"date":187,"score":158,"percentile":188},"2025-11-14",0.24613,{"date":190,"score":158,"percentile":191},"2025-11-15",0.24599,{"date":193,"score":158,"percentile":194},"2025-11-16",0.24553,{"date":196,"score":158,"percentile":197},"2025-11-17",0.24509,{"date":199,"score":200,"percentile":201},"2025-11-18",0.00062,0.14906,{"date":203,"score":200,"percentile":204},"2025-11-19",0.14922,{"date":206,"score":200,"percentile":207},"2025-11-20",0.14934,{"date":209,"score":158,"percentile":210},"2025-11-21",0.24432,{"date":212,"score":158,"percentile":213},"2025-11-22",0.24429,{"date":215,"score":158,"percentile":216},"2025-11-23",0.2438,{"date":218,"score":158,"percentile":219},"2025-11-24",0.2435,{"date":221,"score":158,"percentile":222},"2025-11-25",0.24339,{"date":224,"score":158,"percentile":225},"2025-11-26",0.24327,{"date":227,"score":158,"percentile":228},"2025-11-27",0.24324,{"date":230,"score":158,"percentile":231},"2025-11-28",0.24301,{"date":233,"score":158,"percentile":234},"2025-11-29",0.24285,{"date":236,"score":158,"percentile":237},"2025-11-30",0.24259,{"date":239,"score":158,"percentile":240},"2025-12-01",0.24304,{"date":242,"score":158,"percentile":243},"2025-12-02",0.24323,{"date":245,"score":158,"percentile":246},"2025-12-03",0.24333,{"date":248,"score":249,"percentile":250},"2025-12-04",0.00047,0.14327,{"date":252,"score":249,"percentile":253},"2025-12-05",0.14391,{"date":255,"score":249,"percentile":256},"2025-12-06",0.14414,{"date":258,"score":249,"percentile":259},"2025-12-07",0.14394,{"date":261,"score":249,"percentile":262},"2025-12-08",0.1441,{"date":264,"score":249,"percentile":265},"2025-12-09",0.14467,{"date":267,"score":249,"percentile":268},"2025-12-10",0.14537,{"date":270,"score":249,"percentile":271},"2025-12-11",0.14569,{"date":273,"score":249,"percentile":274},"2025-12-12",0.14614,{"date":276,"score":249,"percentile":277},"2025-12-13",0.14623,{"date":279,"score":249,"percentile":280},"2025-12-14",0.14585,{"date":282,"score":249,"percentile":283},"2025-12-15",0.1455,{"date":285,"score":249,"percentile":286},"2025-12-16",0.14571,{"date":288,"score":249,"percentile":289},"2025-12-17",0.14669,{"date":291,"score":249,"percentile":292},"2025-12-18",0.14726,{"date":294,"score":249,"percentile":295},"2025-12-19",0.14764,{"date":297,"score":249,"percentile":298},"2025-12-20",0.14736,{"date":300,"score":249,"percentile":301},"2025-12-21",0.14705,{"date":303,"score":249,"percentile":304},"2025-12-22",0.14653,{"date":306,"score":249,"percentile":307},"2025-12-23",0.14655,{"date":309,"score":249,"percentile":310},"2025-12-24",0.14665,{"date":312,"score":249,"percentile":313},"2025-12-25",0.14738,{"date":315,"score":249,"percentile":316},"2025-12-26",0.14717,{"date":318,"score":319,"percentile":320},"2025-12-27",0.00052,0.16493,{"date":322,"score":249,"percentile":323},"2025-12-28",0.14672,{"date":325,"score":249,"percentile":326},"2025-12-29",0.14607,{"date":328,"score":249,"percentile":329},"2025-12-30",0.14619,{"date":331,"score":249,"percentile":332},"2025-12-31",0.14683,{"date":334,"score":249,"percentile":335},"2026-01-01",0.14769,{"date":337,"score":249,"percentile":338},"2026-01-02",0.14758,{"date":340,"score":249,"percentile":341},"2026-01-03",0.14732,{"date":343,"score":249,"percentile":344},"2026-01-04",0.14652,{"date":346,"score":249,"percentile":347},"2026-01-05",0.146,{"date":349,"score":249,"percentile":350},"2026-01-06",0.1461,{"date":352,"score":249,"percentile":353},"2026-01-07",0.14646,{"date":355,"score":249,"percentile":356},"2026-01-08",0.1471,{"date":358,"score":249,"percentile":359},"2026-01-09",0.14719,{"date":361,"score":249,"percentile":362},"2026-01-10",0.1474,{"date":364,"score":249,"percentile":344},"2026-01-11",{"date":366,"score":249,"percentile":367},"2026-01-12",0.1462,{"date":369,"score":249,"percentile":370},"2026-01-13",0.14603,{"date":372,"score":249,"percentile":373},"2026-01-14",0.14662,{"date":375,"score":249,"percentile":376},"2026-01-15",0.14658,{"date":378,"score":249,"percentile":332},"2026-01-16",{"date":380,"score":249,"percentile":301},"2026-01-17",{"date":382,"score":249,"percentile":383},"2026-01-18",0.14645,{"date":385,"score":249,"percentile":386},"2026-01-19",0.14575,{"date":388,"score":249,"percentile":389},"2026-01-20",0.14556,{"date":391,"score":249,"percentile":392},"2026-01-21",0.14546,{"date":394,"score":249,"percentile":395},"2026-01-22",0.14468,{"date":397,"score":249,"percentile":398},"2026-01-23",0.14544,{"date":400,"score":249,"percentile":401},"2026-01-24",0.1458,{"date":403,"score":249,"percentile":404},"2026-01-25",0.14514,{"date":406,"score":249,"percentile":407},"2026-01-26",0.14431,{"date":409,"score":249,"percentile":410},"2026-01-27",0.14426,{"date":412,"score":249,"percentile":413},"2026-01-28",0.14435,{"date":415,"score":249,"percentile":416},"2026-01-29",0.14401,{"date":418,"score":249,"percentile":419},"2026-01-30",0.14405,{"date":421,"score":249,"percentile":422},"2026-01-31",0.1442,{"date":424,"score":249,"percentile":425},"2026-02-01",0.14434,[427,432],{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":428,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":429,"vectorString":97,"impactScore":430,"exploitabilityScore":431},"MEDIUM",6,3.6,{"source":102,"cvss_v2_0":433,"cvss_v3_0":9,"cvss_v3_1":438,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":9,"vectorString":435,"impactScore":436,"exploitabilityScore":437},2.1,"AV:L/AC:L/Au:N/C:P/I:N/A:N",2.9,3.9,{"baseScore":439,"baseSeverity":429,"vectorString":440,"impactScore":430,"exploitabilityScore":434},4.4,"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",[442,457,469],{"ecosystem":9,"name":443,"vendor":444,"product":445,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"ubuntu linux","canonical","ubuntu_linux","o",[448,451,453,455],{"version":449,"is_range":90,"range_type":450,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":452,"is_range":90,"range_type":450,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":454,"is_range":90,"range_type":450,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":456,"is_range":90,"range_type":450,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"20.04",{"ecosystem":9,"name":458,"vendor":459,"product":459,"cpe_part":460,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":461},"Linux Kernel","linux kernel","a",[462],{"version":463,"is_range":464,"range_type":96,"version_start":465,"version_start_type":466,"version_end":467,"version_end_type":468,"fixed_in":9},">= 5.11-stable, \u003C 5.11.0",true,"5.11-stable","including","5.11.0","excluding",{"ecosystem":9,"name":459,"vendor":470,"product":471,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"linux","linux_kernel",[473],{"version":474,"is_range":464,"range_type":450,"version_start":9,"version_start_type":9,"version_end":475,"version_end_type":468,"fixed_in":9},"lt5.11","5.11"]