[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-1734":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":68,"related":69,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":91,"kevs":166,"epss":167,"epss_history":170,"metrics":431,"affected":449},"CVE-2020-1734","A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[],[42,43],"GHSA-h39q-95q5-9jfp","PYSEC-2020-6",[],[46,48,50,52,54,56,58,60,62,64,66],{"_key":47},"OPENSUSE-SU-2024:14244-1",{"_key":49},"SUSE-SU-2020:3309-1",{"_key":51},"SUSE-SU-2022:3338-1",{"_key":53},"SUSE-SU-2022:3339-1",{"_key":55},"OPENSUSE-SU-2022:0081-1",{"_key":57},"OPENSUSE-SU-2024:14536-1",{"_key":59},"OPENSUSE-SU-2025:15753-1",{"_key":61},"OPENSUSE-SU-2025:15605-1",{"_key":63},"DEBIAN-CVE-2020-1734",{"_key":65},"UBUNTU-CVE-2020-1734",{"_key":67},"OPENSUSE-SU-2026:10944-1",[],[70,71,72,73,74,75,76,77,78],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":67},"2020-03-03T21:23:15.000Z","2024-08-04T06:46:30.815Z","Modified",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":84,"epss_score":85,"severity":86,"severity_score":87,"severity_version":88,"severity_source":89,"severity_vector":90,"severity_status":81},false,"low",0.00083,"high",7.4,"v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",[92,103,108,113,117,121,125,129,133,137,141,145,149,153,157,162],{"url":93,"sources":94,"tags":97},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734",[89,95,96],"nvd","osv_pypi",[98,99,100,101,102],"X Refsource CONFIRM","Issue Tracking","Third Party Advisory","WEB","REPORT",{"url":104,"sources":105,"tags":106},"https://github.com/ansible/ansible/issues/67792",[89,95,96],[107,100,101,102],"X Refsource MISC",{"url":109,"sources":110,"tags":111},"https://nvd.nist.gov/vuln/detail/CVE-2020-1734",[96],[112],"Advisory",{"url":114,"sources":115,"tags":116},"https://github.com/ansible/ansible/issues/70159",[96],[101],{"url":118,"sources":119,"tags":120},"https://github.com/ansible/ansible/pull/70596",[96],[101],{"url":122,"sources":123,"tags":124},"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b",[96],[101],{"url":126,"sources":127,"tags":128},"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0",[96],[101],{"url":130,"sources":131,"tags":132},"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f",[96],[101],{"url":134,"sources":135,"tags":136},"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0",[96],[101],{"url":138,"sources":139,"tags":140},"https://access.redhat.com/errata/RHBA-2020:0547",[96],[101],{"url":142,"sources":143,"tags":144},"https://access.redhat.com/errata/RHBA-2020:1539",[96],[101],{"url":146,"sources":147,"tags":148},"https://access.redhat.com/security/cve/CVE-2020-1734",[96],[101],{"url":150,"sources":151,"tags":152},"https://bugzilla.redhat.com/show_bug.cgi?id=1801804",[96],[101],{"url":154,"sources":155,"tags":156},"https://github.com/advisories/GHSA-h39q-95q5-9jfp",[96],[112],{"url":158,"sources":159,"tags":160},"https://github.com/ansible/ansible",[96],[161],"PACKAGE",{"url":163,"sources":164,"tags":165},"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml",[96],[101],[],{"date":168,"score":85,"percentile":169},"2026-06-04",0.24218,[171,175,178,181,183,186,189,192,195,198,201,204,207,210,213,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,267,270,273,276,279,282,285,288,291,294,297,299,302,305,308,311,314,317,319,322,325,328,331,333,336,339,342,345,348,350,353,356,358,360,363,365,368,370,373,375,378,381,384,386,389,392,395,398,401,404,407,410,413,416,419,422,425,428],{"date":172,"score":173,"percentile":174},"2025-11-04",0.00131,0.33455,{"date":176,"score":173,"percentile":177},"2025-11-05",0.3344,{"date":179,"score":173,"percentile":180},"2025-11-06",0.33439,{"date":182,"score":173,"percentile":174},"2025-11-07",{"date":184,"score":173,"percentile":185},"2025-11-08",0.33454,{"date":187,"score":173,"percentile":188},"2025-11-09",0.3343,{"date":190,"score":173,"percentile":191},"2025-11-10",0.33376,{"date":193,"score":173,"percentile":194},"2025-11-11",0.33401,{"date":196,"score":173,"percentile":197},"2025-11-12",0.33447,{"date":199,"score":173,"percentile":200},"2025-11-13",0.33461,{"date":202,"score":173,"percentile":203},"2025-11-14",0.33466,{"date":205,"score":173,"percentile":206},"2025-11-15",0.33464,{"date":208,"score":173,"percentile":209},"2025-11-16",0.33435,{"date":211,"score":173,"percentile":212},"2025-11-17",0.33406,{"date":214,"score":215,"percentile":216},"2025-11-18",0.00103,0.24163,{"date":218,"score":215,"percentile":219},"2025-11-19",0.2419,{"date":221,"score":215,"percentile":222},"2025-11-20",0.24203,{"date":224,"score":173,"percentile":225},"2025-11-21",0.33444,{"date":227,"score":173,"percentile":228},"2025-11-22",0.3345,{"date":230,"score":173,"percentile":231},"2025-11-23",0.33415,{"date":233,"score":173,"percentile":234},"2025-11-24",0.3339,{"date":236,"score":173,"percentile":237},"2025-11-25",0.33385,{"date":239,"score":173,"percentile":240},"2025-11-26",0.33381,{"date":242,"score":173,"percentile":243},"2025-11-27",0.33389,{"date":245,"score":173,"percentile":246},"2025-11-28",0.33371,{"date":248,"score":173,"percentile":249},"2025-11-29",0.33352,{"date":251,"score":173,"percentile":252},"2025-11-30",0.33331,{"date":254,"score":173,"percentile":255},"2025-12-01",0.33423,{"date":257,"score":173,"percentile":258},"2025-12-02",0.33437,{"date":260,"score":173,"percentile":261},"2025-12-03",0.33436,{"date":263,"score":173,"percentile":264},"2025-12-04",0.33336,{"date":266,"score":173,"percentile":246},"2025-12-05",{"date":268,"score":173,"percentile":269},"2025-12-06",0.33375,{"date":271,"score":173,"percentile":272},"2025-12-07",0.33355,{"date":274,"score":173,"percentile":275},"2025-12-08",0.33367,{"date":277,"score":173,"percentile":278},"2025-12-09",0.33411,{"date":280,"score":173,"percentile":281},"2025-12-10",0.33468,{"date":283,"score":173,"percentile":284},"2025-12-11",0.33489,{"date":286,"score":173,"percentile":287},"2025-12-12",0.33518,{"date":289,"score":173,"percentile":290},"2025-12-13",0.33503,{"date":292,"score":173,"percentile":293},"2025-12-14",0.3348,{"date":295,"score":173,"percentile":296},"2025-12-15",0.33432,{"date":298,"score":173,"percentile":185},"2025-12-16",{"date":300,"score":173,"percentile":301},"2025-12-17",0.33511,{"date":303,"score":173,"percentile":304},"2025-12-18",0.3356,{"date":306,"score":173,"percentile":307},"2025-12-19",0.33583,{"date":309,"score":173,"percentile":310},"2025-12-20",0.33567,{"date":312,"score":173,"percentile":313},"2025-12-21",0.33508,{"date":315,"score":173,"percentile":316},"2025-12-22",0.33481,{"date":318,"score":173,"percentile":293},"2025-12-23",{"date":320,"score":173,"percentile":321},"2025-12-24",0.33473,{"date":323,"score":173,"percentile":324},"2025-12-25",0.33539,{"date":326,"score":173,"percentile":327},"2025-12-26",0.33523,{"date":329,"score":173,"percentile":330},"2025-12-27",0.33532,{"date":332,"score":173,"percentile":296},"2025-12-28",{"date":334,"score":173,"percentile":335},"2025-12-29",0.33398,{"date":337,"score":173,"percentile":338},"2025-12-30",0.33391,{"date":340,"score":173,"percentile":341},"2025-12-31",0.33438,{"date":343,"score":173,"percentile":344},"2026-01-01",0.33587,{"date":346,"score":173,"percentile":347},"2026-01-02",0.33574,{"date":349,"score":173,"percentile":304},"2026-01-03",{"date":351,"score":173,"percentile":352},"2026-01-04",0.33418,{"date":354,"score":173,"percentile":355},"2026-01-05",0.33403,{"date":357,"score":173,"percentile":231},"2026-01-06",{"date":359,"score":173,"percentile":296},"2026-01-07",{"date":361,"score":173,"percentile":362},"2026-01-08",0.33462,{"date":364,"score":173,"percentile":362},"2026-01-09",{"date":366,"score":173,"percentile":367},"2026-01-10",0.3346,{"date":369,"score":173,"percentile":180},"2026-01-11",{"date":371,"score":173,"percentile":372},"2026-01-12",0.3337,{"date":374,"score":173,"percentile":272},"2026-01-13",{"date":376,"score":173,"percentile":377},"2026-01-14",0.334,{"date":379,"score":173,"percentile":380},"2026-01-15",0.33395,{"date":382,"score":173,"percentile":383},"2026-01-16",0.33417,{"date":385,"score":173,"percentile":377},"2026-01-17",{"date":387,"score":173,"percentile":388},"2026-01-18",0.33337,{"date":390,"score":173,"percentile":391},"2026-01-19",0.33299,{"date":393,"score":173,"percentile":394},"2026-01-20",0.33282,{"date":396,"score":173,"percentile":397},"2026-01-21",0.33242,{"date":399,"score":173,"percentile":400},"2026-01-22",0.33217,{"date":402,"score":173,"percentile":403},"2026-01-23",0.33279,{"date":405,"score":173,"percentile":406},"2026-01-24",0.33287,{"date":408,"score":173,"percentile":409},"2026-01-25",0.33214,{"date":411,"score":173,"percentile":412},"2026-01-26",0.33138,{"date":414,"score":173,"percentile":415},"2026-01-27",0.33128,{"date":417,"score":173,"percentile":418},"2026-01-28",0.33103,{"date":420,"score":173,"percentile":421},"2026-01-29",0.33064,{"date":423,"score":173,"percentile":424},"2026-01-30",0.3305,{"date":426,"score":173,"percentile":427},"2026-01-31",0.3306,{"date":429,"score":173,"percentile":430},"2026-02-01",0.33153,[432,437,444],{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":433,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":434,"vectorString":90,"impactScore":435,"exploitabilityScore":436},"HIGH",10,2.1,{"source":95,"cvss_v2_0":438,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":9},{"baseScore":439,"baseSeverity":9,"vectorString":440,"impactScore":441,"exploitabilityScore":442},3.7,"AV:L/AC:H/Au:N/C:P/I:P/A:P",6.4,1.9,{"baseScore":87,"baseSeverity":434,"vectorString":90,"impactScore":435,"exploitabilityScore":436},{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":445,"cvss_v4_0":446},{"baseScore":87,"baseSeverity":9,"vectorString":90,"impactScore":435,"exploitabilityScore":436},{"baseScore":447,"baseSeverity":9,"vectorString":448,"impactScore":9,"exploitabilityScore":9},8.5,"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",[450,473,480,493],{"ecosystem":451,"name":452,"vendor":451,"product":452,"cpe_part":9,"purl_type":453,"purl_namespace":9,"purl_name":452,"source":9,"versions":454},"PyPI","ansible","pypi",[455,463,467,470],{"version":456,"is_range":457,"range_type":458,"version_start":459,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2_10_0a1_lt2_10_0rc1",true,"ecosystem","2.10.0a1","including","2.10.0rc1","excluding",{"version":464,"is_range":457,"range_type":458,"version_start":465,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte2_9_0a1_lt2_9_11","2.9.0a1","2.9.11",{"version":468,"is_range":457,"range_type":458,"version_start":9,"version_start_type":9,"version_end":469,"version_end_type":462,"fixed_in":9},"lt2_8_13","2.8.13",{"version":471,"is_range":457,"range_type":458,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":462,"fixed_in":9},"lt2_7_17","2.7.17",{"ecosystem":9,"name":474,"vendor":475,"product":452,"cpe_part":476,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":477},"Ansible","red hat","a",[478],{"version":479,"is_range":83,"range_type":89,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"n/a",{"ecosystem":9,"name":481,"vendor":482,"product":483,"cpe_part":476,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":484},"ansible engine","redhat","ansible_engine",[485,489,491],{"version":486,"is_range":457,"range_type":487,"version_start":9,"version_start_type":9,"version_end":488,"version_end_type":460,"fixed_in":9},"lte2.7.16","cpe","2.7.16",{"version":490,"is_range":83,"range_type":487,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.8.8",{"version":492,"is_range":83,"range_type":487,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.9.5",{"ecosystem":9,"name":494,"vendor":482,"product":495,"cpe_part":476,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":496},"ansible tower","ansible_tower",[497,500,502,504],{"version":498,"is_range":457,"range_type":487,"version_start":9,"version_start_type":9,"version_end":499,"version_end_type":460,"fixed_in":9},"lte3.3.4","3.3.4",{"version":501,"is_range":83,"range_type":487,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.5",{"version":503,"is_range":83,"range_type":487,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.5.5",{"version":505,"is_range":83,"range_type":487,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.6.3"]