[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-1946":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":72,"related":73,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":130,"epss":131,"epss_history":134,"metrics":395,"affected":402},"CVE-2020-1946","In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":45},"ALPINE-CVE-2020-1946",{"_key":47},"SUSE-SU-2021:1163-1",{"_key":49},"RHSA-2021:4315",{"_key":51},"SUSE-SU-2021:1152-1",{"_key":53},"SUSE-SU-2021:1153-1",{"_key":55},"UBUNTU-CVE-2020-1946",{"_key":57},"USN-4899-1",{"_key":59},"USN-4899-2",{"_key":61},"OPENSUSE-SU-2021:0551-1",{"_key":63},"OPENSUSE-SU-2024:11395-1",{"_key":65},"DLA-2615-1",{"_key":67},"DSA-4879-1",{"_key":69},"MGASA-2021-0182",{"_key":71},"DEBIAN-CVE-2020-1946",[],[74,75,76,77,78,79],{"_key":47},{"_key":51},{"_key":53},{"_key":61},{"_key":63},{"_key":69},"2021-03-25T09:20:11.000Z","2025-02-13T16:27:40.012Z","Modified",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.03407,"high",10,"v2.0","nvd","AV:N/AC:L/Au:N/C:C/I:C/A:C",[93,101,107,112,117,121,125],{"url":94,"sources":95,"tags":97},"https://s.apache.org/3r1wh",[96,90],"cve.org",[98,99,100],"X Refsource MISC","Mailing List","Vendor Advisory",{"url":102,"sources":103,"tags":104},"https://www.debian.org/security/2021/dsa-4879",[96,90],[100,105,106],"X Refsource DEBIAN","Third Party Advisory",{"url":108,"sources":109,"tags":110},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/",[96,90],[100,111],"X Refsource FEDORA",{"url":113,"sources":114,"tags":115},"https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html",[96,90],[99,116,106],"X Refsource MLIST",{"url":118,"sources":119,"tags":120},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/",[96,90],[100,111],{"url":122,"sources":123,"tags":124},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/",[96,90],[100,111],{"url":126,"sources":127,"tags":128},"https://security.gentoo.org/glsa/202105-26",[96,90],[100,129,106],"X Refsource GENTOO",[],{"date":132,"score":86,"percentile":133},"2026-06-04",0.87648,[135,139,142,145,148,151,154,157,159,162,165,168,171,174,176,180,183,186,189,192,195,198,201,204,207,210,212,215,218,221,223,225,228,231,234,237,240,243,246,249,252,254,257,260,263,266,269,272,275,278,281,284,287,290,294,297,300,303,306,309,312,315,318,321,324,326,328,330,332,335,338,340,343,346,349,352,355,358,360,363,366,369,372,375,378,381,384,387,389,392],{"date":136,"score":137,"percentile":138},"2025-11-04",0.01495,0.80467,{"date":140,"score":137,"percentile":141},"2025-11-05",0.80469,{"date":143,"score":137,"percentile":144},"2025-11-06",0.8047,{"date":146,"score":137,"percentile":147},"2025-11-07",0.80481,{"date":149,"score":137,"percentile":150},"2025-11-08",0.80487,{"date":152,"score":137,"percentile":153},"2025-11-09",0.80483,{"date":155,"score":137,"percentile":156},"2025-11-10",0.80478,{"date":158,"score":137,"percentile":147},"2025-11-11",{"date":160,"score":137,"percentile":161},"2025-11-12",0.80495,{"date":163,"score":137,"percentile":164},"2025-11-13",0.80501,{"date":166,"score":137,"percentile":167},"2025-11-14",0.80508,{"date":169,"score":137,"percentile":170},"2025-11-15",0.80505,{"date":172,"score":137,"percentile":173},"2025-11-16",0.80504,{"date":175,"score":137,"percentile":170},"2025-11-17",{"date":177,"score":178,"percentile":179},"2025-11-18",0.14676,0.93865,{"date":181,"score":178,"percentile":182},"2025-11-19",0.93868,{"date":184,"score":178,"percentile":185},"2025-11-20",0.93873,{"date":187,"score":137,"percentile":188},"2025-11-21",0.80526,{"date":190,"score":137,"percentile":191},"2025-11-22",0.80529,{"date":193,"score":137,"percentile":194},"2025-11-23",0.8052,{"date":196,"score":137,"percentile":197},"2025-11-24",0.80522,{"date":199,"score":137,"percentile":200},"2025-11-25",0.80525,{"date":202,"score":137,"percentile":203},"2025-11-26",0.80527,{"date":205,"score":137,"percentile":206},"2025-11-27",0.80532,{"date":208,"score":137,"percentile":209},"2025-11-28",0.80523,{"date":211,"score":137,"percentile":188},"2025-11-29",{"date":213,"score":137,"percentile":214},"2025-11-30",0.80531,{"date":216,"score":137,"percentile":217},"2025-12-01",0.80617,{"date":219,"score":137,"percentile":220},"2025-12-02",0.8062,{"date":222,"score":137,"percentile":220},"2025-12-03",{"date":224,"score":137,"percentile":206},"2025-12-04",{"date":226,"score":137,"percentile":227},"2025-12-05",0.80539,{"date":229,"score":137,"percentile":230},"2025-12-06",0.80542,{"date":232,"score":137,"percentile":233},"2025-12-07",0.80544,{"date":235,"score":137,"percentile":236},"2025-12-08",0.80548,{"date":238,"score":137,"percentile":239},"2025-12-09",0.80561,{"date":241,"score":137,"percentile":242},"2025-12-10",0.80586,{"date":244,"score":137,"percentile":245},"2025-12-11",0.80598,{"date":247,"score":137,"percentile":248},"2025-12-12",0.80614,{"date":250,"score":137,"percentile":251},"2025-12-13",0.80615,{"date":253,"score":137,"percentile":251},"2025-12-14",{"date":255,"score":137,"percentile":256},"2025-12-15",0.80612,{"date":258,"score":137,"percentile":259},"2025-12-16",0.80622,{"date":261,"score":137,"percentile":262},"2025-12-17",0.80632,{"date":264,"score":137,"percentile":265},"2025-12-18",0.80652,{"date":267,"score":137,"percentile":268},"2025-12-19",0.80659,{"date":270,"score":137,"percentile":271},"2025-12-20",0.8065,{"date":273,"score":137,"percentile":274},"2025-12-21",0.80644,{"date":276,"score":137,"percentile":277},"2025-12-22",0.80643,{"date":279,"score":137,"percentile":280},"2025-12-23",0.80645,{"date":282,"score":137,"percentile":283},"2025-12-24",0.80663,{"date":285,"score":137,"percentile":286},"2025-12-25",0.8068,{"date":288,"score":137,"percentile":289},"2025-12-26",0.80681,{"date":291,"score":292,"percentile":293},"2025-12-27",0.02006,0.83278,{"date":295,"score":137,"percentile":296},"2025-12-28",0.80669,{"date":298,"score":137,"percentile":299},"2025-12-29",0.80666,{"date":301,"score":137,"percentile":302},"2025-12-30",0.80671,{"date":304,"score":137,"percentile":305},"2025-12-31",0.80685,{"date":307,"score":137,"percentile":308},"2026-01-01",0.80767,{"date":310,"score":137,"percentile":311},"2026-01-02",0.80763,{"date":313,"score":137,"percentile":314},"2026-01-03",0.80758,{"date":316,"score":137,"percentile":317},"2026-01-04",0.80668,{"date":319,"score":137,"percentile":320},"2026-01-05",0.80662,{"date":322,"score":137,"percentile":323},"2026-01-06",0.80667,{"date":325,"score":137,"percentile":296},"2026-01-07",{"date":327,"score":137,"percentile":286},"2026-01-08",{"date":329,"score":137,"percentile":286},"2026-01-09",{"date":331,"score":137,"percentile":286},"2026-01-10",{"date":333,"score":137,"percentile":334},"2026-01-11",0.80672,{"date":336,"score":137,"percentile":337},"2026-01-12",0.80664,{"date":339,"score":137,"percentile":320},"2026-01-13",{"date":341,"score":137,"percentile":342},"2026-01-14",0.80684,{"date":344,"score":137,"percentile":345},"2026-01-15",0.80683,{"date":347,"score":137,"percentile":348},"2026-01-16",0.80694,{"date":350,"score":137,"percentile":351},"2026-01-17",0.807,{"date":353,"score":137,"percentile":354},"2026-01-18",0.80689,{"date":356,"score":137,"percentile":357},"2026-01-19",0.80682,{"date":359,"score":137,"percentile":305},"2026-01-20",{"date":361,"score":137,"percentile":362},"2026-01-21",0.80692,{"date":364,"score":137,"percentile":365},"2026-01-22",0.80702,{"date":367,"score":137,"percentile":368},"2026-01-23",0.80726,{"date":370,"score":137,"percentile":371},"2026-01-24",0.80735,{"date":373,"score":137,"percentile":374},"2026-01-25",0.80727,{"date":376,"score":137,"percentile":377},"2026-01-26",0.80728,{"date":379,"score":137,"percentile":380},"2026-01-27",0.80732,{"date":382,"score":137,"percentile":383},"2026-01-28",0.80731,{"date":385,"score":137,"percentile":386},"2026-01-29",0.8073,{"date":388,"score":137,"percentile":386},"2026-01-30",{"date":390,"score":137,"percentile":391},"2026-01-31",0.80737,{"date":393,"score":137,"percentile":394},"2026-02-01",0.80825,[396],{"source":90,"cvss_v2_0":397,"cvss_v3_0":9,"cvss_v3_1":398,"cvss_v4_0":9},{"baseScore":88,"baseSeverity":9,"vectorString":91,"impactScore":88,"exploitabilityScore":88},{"baseScore":399,"baseSeverity":400,"vectorString":401,"impactScore":399,"exploitabilityScore":88},9.8,"CRITICAL","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[403,415,422,432],{"ecosystem":9,"name":404,"vendor":405,"product":406,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":408},"Apache SpamAssassin","apache software foundation","apache spamassassin","a",[409],{"version":410,"is_range":411,"range_type":96,"version_start":404,"version_start_type":412,"version_end":413,"version_end_type":414,"fixed_in":9},">= Apache SpamAssassin, \u003C 3.4.5",true,"including","3.4.5","excluding",{"ecosystem":9,"name":416,"vendor":417,"product":416,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"spamassassin","apache",[419],{"version":420,"is_range":411,"range_type":421,"version_start":9,"version_start_type":9,"version_end":413,"version_end_type":414,"fixed_in":9},"lt3.4.5","cpe",{"ecosystem":9,"name":423,"vendor":424,"product":425,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"debian linux","debian","debian_linux","o",[428,430],{"version":429,"is_range":84,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":431,"is_range":84,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":433,"vendor":434,"product":433,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"fedora","fedoraproject",[436,438,440],{"version":437,"is_range":84,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32",{"version":439,"is_range":84,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"version":441,"is_range":84,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34"]