[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-1737":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":76,"related":77,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":98,"kevs":192,"epss":193,"epss_history":196,"metrics":461,"affected":482},"CVE-2020-1737","A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43],"GHSA-893h-35v4-mxqx","PYSEC-2020-9",[],[46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":47},"ALPINE-CVE-2020-1737",{"_key":49},"RHSA-2020:1543",{"_key":51},"RHSA-2020:1544",{"_key":53},"UBUNTU-CVE-2020-1737",{"_key":55},"OPENSUSE-SU-2024:14244-1",{"_key":57},"SUSE-SU-2020:3309-1",{"_key":59},"OPENSUSE-SU-2022:0081-1",{"_key":61},"OPENSUSE-SU-2024:14536-1",{"_key":63},"OPENSUSE-SU-2025:15753-1",{"_key":65},"OPENSUSE-SU-2025:15605-1",{"_key":67},"MGASA-2020-0217",{"_key":69},"DEBIAN-CVE-2020-1737",{"_key":71},"RHSA-2020:1541",{"_key":73},"RHSA-2020:1542",{"_key":75},"OPENSUSE-SU-2026:10944-1",[],[78,79,80,81,82,83,84,85],{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":75},"2020-03-09T15:11:38.000Z","2024-08-04T06:46:30.898Z","Modified",{"cisa_kev":90,"cisa_ransomware":90,"cisa_vendor":9,"epss_severity":91,"epss_score":92,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":88},false,"low",0.00155,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[99,110,116,121,125,129,135,139,143,147,151,155,159,163,168,172,176,180,184,188],{"url":100,"sources":101,"tags":104},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737",[102,96,103],"cve.org","osv_pypi",[105,106,107,108,109],"X Refsource CONFIRM","Issue Tracking","Vendor Advisory","WEB","REPORT",{"url":111,"sources":112,"tags":113},"https://github.com/ansible/ansible/issues/67795",[102,96,103],[114,115,108,109],"X Refsource MISC","Third Party Advisory",{"url":117,"sources":118,"tags":119},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/",[102,96],[107,120],"X Refsource FEDORA",{"url":122,"sources":123,"tags":124},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/",[102,96],[107,120],{"url":126,"sources":127,"tags":128},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/",[102,96],[107,120],{"url":130,"sources":131,"tags":132},"https://security.gentoo.org/glsa/202006-11",[102,96,103],[107,133,108,134],"X Refsource GENTOO","Advisory",{"url":136,"sources":137,"tags":138},"https://nvd.nist.gov/vuln/detail/CVE-2020-1737",[103],[134],{"url":140,"sources":141,"tags":142},"https://github.com/ansible/ansible/pull/67799",[103],[108],{"url":144,"sources":145,"tags":146},"https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d",[103],[108],{"url":148,"sources":149,"tags":150},"https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676",[103],[108],{"url":152,"sources":153,"tags":154},"https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72",[103],[108],{"url":156,"sources":157,"tags":158},"https://github.com/advisories/GHSA-893h-35v4-mxqx",[103],[134],{"url":160,"sources":161,"tags":162},"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml",[103],[108],{"url":164,"sources":165,"tags":166},"https://github.com/samdoran/ansible",[103],[167],"PACKAGE",{"url":169,"sources":170,"tags":171},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3",[103],[108],{"url":173,"sources":174,"tags":175},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7",[103],[108],{"url":177,"sources":178,"tags":179},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2",[103],[108],{"url":181,"sources":182,"tags":183},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/",[103],[108],{"url":185,"sources":186,"tags":187},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/",[103],[108],{"url":189,"sources":190,"tags":191},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/",[103],[108],[],{"date":194,"score":92,"percentile":195},"2026-06-04",0.3588,[197,201,204,207,210,213,216,219,222,225,228,231,234,237,240,244,247,250,253,256,259,262,265,268,271,274,277,280,283,285,287,290,293,295,298,301,304,307,310,313,316,319,322,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,383,386,389,392,395,398,401,404,406,409,411,414,417,420,422,425,428,431,434,437,440,443,446,449,452,455,458],{"date":198,"score":199,"percentile":200},"2025-11-04",0.00119,0.31516,{"date":202,"score":199,"percentile":203},"2025-11-05",0.3149,{"date":205,"score":199,"percentile":206},"2025-11-06",0.31495,{"date":208,"score":199,"percentile":209},"2025-11-07",0.31515,{"date":211,"score":199,"percentile":212},"2025-11-08",0.31518,{"date":214,"score":199,"percentile":215},"2025-11-09",0.31496,{"date":217,"score":199,"percentile":218},"2025-11-10",0.31448,{"date":220,"score":199,"percentile":221},"2025-11-11",0.31464,{"date":223,"score":199,"percentile":224},"2025-11-12",0.31511,{"date":226,"score":199,"percentile":227},"2025-11-13",0.31529,{"date":229,"score":199,"percentile":230},"2025-11-14",0.31532,{"date":232,"score":199,"percentile":233},"2025-11-15",0.3153,{"date":235,"score":199,"percentile":236},"2025-11-16",0.31498,{"date":238,"score":199,"percentile":239},"2025-11-17",0.31473,{"date":241,"score":242,"percentile":243},"2025-11-18",0.00111,0.25175,{"date":245,"score":242,"percentile":246},"2025-11-19",0.252,{"date":248,"score":242,"percentile":249},"2025-11-20",0.25208,{"date":251,"score":199,"percentile":252},"2025-11-21",0.31513,{"date":254,"score":199,"percentile":255},"2025-11-22",0.31521,{"date":257,"score":199,"percentile":258},"2025-11-23",0.31494,{"date":260,"score":199,"percentile":261},"2025-11-24",0.31472,{"date":263,"score":199,"percentile":264},"2025-11-25",0.31467,{"date":266,"score":199,"percentile":267},"2025-11-26",0.31468,{"date":269,"score":199,"percentile":270},"2025-11-27",0.31481,{"date":272,"score":199,"percentile":273},"2025-11-28",0.31463,{"date":275,"score":199,"percentile":276},"2025-11-29",0.31447,{"date":278,"score":199,"percentile":279},"2025-11-30",0.31425,{"date":281,"score":199,"percentile":282},"2025-12-01",0.31504,{"date":284,"score":199,"percentile":230},"2025-12-02",{"date":286,"score":199,"percentile":230},"2025-12-03",{"date":288,"score":199,"percentile":289},"2025-12-04",0.31433,{"date":291,"score":199,"percentile":292},"2025-12-05",0.3147,{"date":294,"score":199,"percentile":292},"2025-12-06",{"date":296,"score":199,"percentile":297},"2025-12-07",0.31442,{"date":299,"score":199,"percentile":300},"2025-12-08",0.31455,{"date":302,"score":199,"percentile":303},"2025-12-09",0.31509,{"date":305,"score":199,"percentile":306},"2025-12-10",0.31568,{"date":308,"score":199,"percentile":309},"2025-12-11",0.31601,{"date":311,"score":199,"percentile":312},"2025-12-12",0.31635,{"date":314,"score":199,"percentile":315},"2025-12-13",0.31622,{"date":317,"score":199,"percentile":318},"2025-12-14",0.31597,{"date":320,"score":199,"percentile":321},"2025-12-15",0.31548,{"date":323,"score":199,"percentile":306},"2025-12-16",{"date":325,"score":199,"percentile":326},"2025-12-17",0.31619,{"date":328,"score":199,"percentile":329},"2025-12-18",0.31668,{"date":331,"score":199,"percentile":332},"2025-12-19",0.31695,{"date":334,"score":199,"percentile":335},"2025-12-20",0.31678,{"date":337,"score":199,"percentile":338},"2025-12-21",0.31623,{"date":340,"score":199,"percentile":341},"2025-12-22",0.31591,{"date":343,"score":199,"percentile":344},"2025-12-23",0.31573,{"date":346,"score":199,"percentile":347},"2025-12-24",0.31564,{"date":349,"score":199,"percentile":350},"2025-12-25",0.31639,{"date":352,"score":199,"percentile":353},"2025-12-26",0.31625,{"date":355,"score":199,"percentile":356},"2025-12-27",0.31637,{"date":358,"score":199,"percentile":359},"2025-12-28",0.3156,{"date":361,"score":199,"percentile":362},"2025-12-29",0.31525,{"date":364,"score":199,"percentile":365},"2025-12-30",0.31519,{"date":367,"score":199,"percentile":368},"2025-12-31",0.31569,{"date":370,"score":199,"percentile":371},"2026-01-01",0.31711,{"date":373,"score":199,"percentile":374},"2026-01-02",0.31697,{"date":376,"score":199,"percentile":377},"2026-01-03",0.31679,{"date":379,"score":199,"percentile":380},"2026-01-04",0.31539,{"date":382,"score":199,"percentile":233},"2026-01-05",{"date":384,"score":199,"percentile":385},"2026-01-06",0.31543,{"date":387,"score":199,"percentile":388},"2026-01-07",0.31565,{"date":390,"score":199,"percentile":391},"2026-01-08",0.31593,{"date":393,"score":199,"percentile":394},"2026-01-09",0.31588,{"date":396,"score":199,"percentile":397},"2026-01-10",0.31589,{"date":399,"score":199,"percentile":400},"2026-01-11",0.31554,{"date":402,"score":199,"percentile":403},"2026-01-12",0.31483,{"date":405,"score":199,"percentile":292},"2026-01-13",{"date":407,"score":199,"percentile":408},"2026-01-14",0.31514,{"date":410,"score":199,"percentile":252},"2026-01-15",{"date":412,"score":199,"percentile":413},"2026-01-16",0.31537,{"date":415,"score":199,"percentile":416},"2026-01-17",0.31534,{"date":418,"score":199,"percentile":419},"2026-01-18",0.3148,{"date":421,"score":199,"percentile":276},"2026-01-19",{"date":423,"score":199,"percentile":424},"2026-01-20",0.31432,{"date":426,"score":199,"percentile":427},"2026-01-21",0.3138,{"date":429,"score":199,"percentile":430},"2026-01-22",0.31358,{"date":432,"score":199,"percentile":433},"2026-01-23",0.31423,{"date":435,"score":199,"percentile":436},"2026-01-24",0.31438,{"date":438,"score":199,"percentile":439},"2026-01-25",0.31367,{"date":441,"score":199,"percentile":442},"2026-01-26",0.3128,{"date":444,"score":199,"percentile":445},"2026-01-27",0.31268,{"date":447,"score":199,"percentile":448},"2026-01-28",0.31243,{"date":450,"score":199,"percentile":451},"2026-01-29",0.31198,{"date":453,"score":199,"percentile":454},"2026-01-30",0.31186,{"date":456,"score":199,"percentile":457},"2026-01-31",0.31197,{"date":459,"score":199,"percentile":460},"2026-02-01",0.31281,[462,469,477],{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":463,"cvss_v4_0":9},{"baseScore":464,"baseSeverity":465,"vectorString":466,"impactScore":467,"exploitabilityScore":468},7.5,"HIGH","CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",10,2.1,{"source":96,"cvss_v2_0":470,"cvss_v3_0":9,"cvss_v3_1":475,"cvss_v4_0":9},{"baseScore":471,"baseSeverity":9,"vectorString":472,"impactScore":473,"exploitabilityScore":474},4.6,"AV:L/AC:L/Au:N/C:P/I:P/A:P",6.4,3.9,{"baseScore":94,"baseSeverity":465,"vectorString":97,"impactScore":476,"exploitabilityScore":471},9.8,{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":478,"cvss_v4_0":479},{"baseScore":94,"baseSeverity":9,"vectorString":97,"impactScore":476,"exploitabilityScore":471},{"baseScore":480,"baseSeverity":9,"vectorString":481,"impactScore":9,"exploitabilityScore":9},8.5,"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[483,506,519,532],{"ecosystem":484,"name":485,"vendor":484,"product":485,"cpe_part":9,"purl_type":486,"purl_namespace":9,"purl_name":485,"source":9,"versions":487},"PyPI","ansible","pypi",[488,496,500,503],{"version":489,"is_range":490,"range_type":491,"version_start":492,"version_start_type":493,"version_end":494,"version_end_type":495,"fixed_in":9},"gte2_8_0a1_lt2_8_9",true,"ecosystem","2.8.0a1","including","2.8.9","excluding",{"version":497,"is_range":490,"range_type":491,"version_start":498,"version_start_type":493,"version_end":499,"version_end_type":495,"fixed_in":9},"gte2_9_0a1_lt2_9_6","2.9.0a1","2.9.6",{"version":501,"is_range":490,"range_type":491,"version_start":9,"version_start_type":9,"version_end":502,"version_end_type":495,"fixed_in":9},"lt2_7_17","2.7.17",{"version":504,"is_range":490,"range_type":491,"version_start":505,"version_start_type":493,"version_end":499,"version_end_type":495,"fixed_in":9},"gte2_9_0_lt2_9_6","2.9.0",{"ecosystem":9,"name":507,"vendor":508,"product":485,"cpe_part":509,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":510},"Ansible","red hat","a",[511,513,515,517],{"version":512,"is_range":90,"range_type":102,"version_start":512,"version_start_type":493,"version_end":512,"version_end_type":493,"fixed_in":9},"2.7.17 and prior",{"version":514,"is_range":90,"range_type":102,"version_start":514,"version_start_type":493,"version_end":514,"version_end_type":493,"fixed_in":9},"2.8.9 and prior",{"version":516,"is_range":90,"range_type":102,"version_start":516,"version_start_type":493,"version_end":516,"version_end_type":493,"fixed_in":9},"2.9.6 and prior",{"version":518,"is_range":90,"range_type":102,"version_start":518,"version_start_type":493,"version_end":518,"version_end_type":493,"fixed_in":9},"fixed in 2.10",{"ecosystem":9,"name":520,"vendor":521,"product":522,"cpe_part":509,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":523},"ansible engine","redhat","ansible_engine",[524,527,530],{"version":525,"is_range":490,"range_type":526,"version_start":9,"version_start_type":9,"version_end":502,"version_end_type":495,"fixed_in":9},"lt2.7.17","cpe",{"version":528,"is_range":490,"range_type":526,"version_start":529,"version_start_type":493,"version_end":494,"version_end_type":495,"fixed_in":9},"gte2.8.0_lt2.8.9","2.8.0",{"version":531,"is_range":490,"range_type":526,"version_start":505,"version_start_type":493,"version_end":499,"version_end_type":495,"fixed_in":9},"gte2.9.0_lt2.9.6",{"ecosystem":9,"name":533,"vendor":521,"product":534,"cpe_part":509,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":535},"ansible tower","ansible_tower",[536,539,543,547],{"version":537,"is_range":490,"range_type":526,"version_start":9,"version_start_type":9,"version_end":538,"version_end_type":493,"fixed_in":9},"lte3.3.4","3.3.4",{"version":540,"is_range":490,"range_type":526,"version_start":541,"version_start_type":493,"version_end":542,"version_end_type":493,"fixed_in":9},"gte3.4.0_lte3.4.5","3.4.0","3.4.5",{"version":544,"is_range":490,"range_type":526,"version_start":545,"version_start_type":493,"version_end":546,"version_end_type":493,"fixed_in":9},"gte3.5.0_lte3.5.5","3.5.0","3.5.5",{"version":548,"is_range":490,"range_type":526,"version_start":549,"version_start_type":493,"version_end":550,"version_end_type":493,"fixed_in":9},"gte3.6.0_lte3.6.3","3.6.0","3.6.3"]