[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-36241":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T21:11:43.830Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":61,"aliases":71,"duplicate_of":9,"upstream":72,"downstream":73,"duplicates":88,"related":89,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":106,"kevs":131,"epss":132,"epss_history":135,"metrics":401,"affected":412},"CVE-2020-36241","autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":17,"likelihood_of_exploit":45,"capec":46},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","Draft","Medium",[47,51,55,59],{"id":48,"name":49,"techniques":50},"CAPEC-132","Symlink Attack",[],{"id":52,"name":53,"techniques":54},"CAPEC-17","Using Malicious Files",[],{"id":56,"name":57,"techniques":58},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[],{"id":29,"name":30,"techniques":60},[],[62],{"_key":63,"name":64,"source":65,"url":66,"maturity":67,"reliability_score":68,"verified":69,"type":9,"platforms":70,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_5BE3A2ACF86D5642","Exploit Reference (gitlab.gnome.org)","reference","https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7","unknown",0.2,false,[],[],[],[74,76,78,80,82,84,86],{"_key":75},"RHSA-2021:4381",{"_key":77},"DEBIAN-CVE-2020-36241",{"_key":79},"SUSE-SU-2021:0664-1",{"_key":81},"SUSE-SU-2021:0687-1",{"_key":83},"UBUNTU-CVE-2020-36241",{"_key":85},"USN-4733-1",{"_key":87},"OPENSUSE-SU-2021:0390-1",[],[90,92,93,94],{"_key":91},"MGASA-2021-0111",{"_key":79},{"_key":81},{"_key":87},"2021-02-05T07:11:07.000Z","2024-08-04T17:23:09.861Z","Modified",{"cisa_kev":69,"cisa_ransomware":69,"cisa_vendor":9,"epss_severity":99,"epss_score":100,"severity":101,"severity_score":102,"severity_version":103,"severity_source":104,"severity_vector":105,"severity_status":97},"low",0.00175,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",[107,115,120,125],{"url":66,"sources":108,"tags":110},[109,104],"cve.org",[111,112,113,114],"X Refsource MISC","Exploit","Issue Tracking","Vendor Advisory",{"url":116,"sources":117,"tags":118},"https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429",[109,104],[111,119,114],"Patch",{"url":121,"sources":122,"tags":123},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/",[109,104],[114,124],"X Refsource FEDORA",{"url":126,"sources":127,"tags":128},"https://security.gentoo.org/glsa/202105-10",[109,104],[114,129,130],"X Refsource GENTOO","Third Party Advisory",[],{"date":133,"score":100,"percentile":134},"2026-04-07",0.38961,[136,139,142,145,148,151,154,157,160,163,166,169,172,175,178,182,185,188,191,194,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,244,247,250,253,256,259,262,264,267,270,273,276,279,282,285,288,291,294,297,300,302,305,307,310,313,316,319,322,325,328,331,334,337,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,395,398],{"date":137,"score":100,"percentile":138},"2025-11-04",0.39357,{"date":140,"score":100,"percentile":141},"2025-11-05",0.39346,{"date":143,"score":100,"percentile":144},"2025-11-06",0.39348,{"date":146,"score":100,"percentile":147},"2025-11-07",0.39373,{"date":149,"score":100,"percentile":150},"2025-11-08",0.39366,{"date":152,"score":100,"percentile":153},"2025-11-09",0.3935,{"date":155,"score":100,"percentile":156},"2025-11-10",0.39315,{"date":158,"score":100,"percentile":159},"2025-11-11",0.39333,{"date":161,"score":100,"percentile":162},"2025-11-12",0.39376,{"date":164,"score":100,"percentile":165},"2025-11-13",0.39389,{"date":167,"score":100,"percentile":168},"2025-11-14",0.39391,{"date":170,"score":100,"percentile":171},"2025-11-15",0.39386,{"date":173,"score":100,"percentile":174},"2025-11-16",0.39368,{"date":176,"score":100,"percentile":177},"2025-11-17",0.39342,{"date":179,"score":180,"percentile":181},"2025-11-18",0.00089,0.21564,{"date":183,"score":180,"percentile":184},"2025-11-19",0.21575,{"date":186,"score":180,"percentile":187},"2025-11-20",0.21554,{"date":189,"score":100,"percentile":190},"2025-11-21",0.39343,{"date":192,"score":100,"percentile":193},"2025-11-22",0.39344,{"date":195,"score":100,"percentile":196},"2025-11-23",0.39314,{"date":198,"score":100,"percentile":199},"2025-11-24",0.39304,{"date":201,"score":100,"percentile":202},"2025-11-25",0.39316,{"date":204,"score":100,"percentile":205},"2025-11-26",0.39309,{"date":207,"score":100,"percentile":208},"2025-11-27",0.39317,{"date":210,"score":100,"percentile":211},"2025-11-28",0.39293,{"date":213,"score":100,"percentile":214},"2025-11-29",0.39269,{"date":216,"score":100,"percentile":217},"2025-11-30",0.39248,{"date":219,"score":100,"percentile":220},"2025-12-01",0.3937,{"date":222,"score":100,"percentile":223},"2025-12-02",0.39382,{"date":225,"score":100,"percentile":226},"2025-12-03",0.39381,{"date":228,"score":100,"percentile":229},"2025-12-04",0.39247,{"date":231,"score":100,"percentile":232},"2025-12-05",0.3928,{"date":234,"score":100,"percentile":235},"2025-12-06",0.39279,{"date":237,"score":100,"percentile":238},"2025-12-07",0.39256,{"date":240,"score":100,"percentile":241},"2025-12-08",0.39272,{"date":243,"score":100,"percentile":205},"2025-12-09",{"date":245,"score":100,"percentile":246},"2025-12-10",0.39371,{"date":248,"score":100,"percentile":249},"2025-12-11",0.39399,{"date":251,"score":100,"percentile":252},"2025-12-12",0.39434,{"date":254,"score":100,"percentile":255},"2025-12-13",0.39413,{"date":257,"score":100,"percentile":258},"2025-12-14",0.39375,{"date":260,"score":100,"percentile":261},"2025-12-15",0.39352,{"date":263,"score":100,"percentile":223},"2025-12-16",{"date":265,"score":100,"percentile":266},"2025-12-17",0.39427,{"date":268,"score":100,"percentile":269},"2025-12-18",0.39474,{"date":271,"score":100,"percentile":272},"2025-12-19",0.39489,{"date":274,"score":100,"percentile":275},"2025-12-20",0.39464,{"date":277,"score":100,"percentile":278},"2025-12-21",0.39419,{"date":280,"score":100,"percentile":281},"2025-12-22",0.3939,{"date":283,"score":100,"percentile":284},"2025-12-23",0.39395,{"date":286,"score":100,"percentile":287},"2025-12-24",0.39411,{"date":289,"score":100,"percentile":290},"2025-12-25",0.39463,{"date":292,"score":100,"percentile":293},"2025-12-26",0.39443,{"date":295,"score":100,"percentile":296},"2025-12-27",0.39465,{"date":298,"score":100,"percentile":299},"2025-12-28",0.39361,{"date":301,"score":100,"percentile":159},"2025-12-29",{"date":303,"score":100,"percentile":304},"2025-12-30",0.39321,{"date":306,"score":100,"percentile":162},"2025-12-31",{"date":308,"score":100,"percentile":309},"2026-01-01",0.39526,{"date":311,"score":100,"percentile":312},"2026-01-02",0.39503,{"date":314,"score":100,"percentile":315},"2026-01-03",0.39495,{"date":317,"score":100,"percentile":318},"2026-01-04",0.39328,{"date":320,"score":100,"percentile":321},"2026-01-05",0.39303,{"date":323,"score":100,"percentile":324},"2026-01-06",0.39308,{"date":326,"score":100,"percentile":327},"2026-01-07",0.39331,{"date":329,"score":100,"percentile":330},"2026-01-08",0.39354,{"date":332,"score":100,"percentile":333},"2026-01-09",0.3934,{"date":335,"score":100,"percentile":336},"2026-01-10",0.39339,{"date":338,"score":100,"percentile":202},"2026-01-11",{"date":340,"score":100,"percentile":341},"2026-01-12",0.39266,{"date":343,"score":100,"percentile":344},"2026-01-13",0.39249,{"date":346,"score":100,"percentile":347},"2026-01-14",0.393,{"date":349,"score":100,"percentile":350},"2026-01-15",0.39292,{"date":352,"score":100,"percentile":353},"2026-01-16",0.39313,{"date":355,"score":100,"percentile":356},"2026-01-17",0.39284,{"date":358,"score":100,"percentile":359},"2026-01-18",0.39236,{"date":361,"score":100,"percentile":362},"2026-01-19",0.39207,{"date":364,"score":100,"percentile":365},"2026-01-20",0.39184,{"date":367,"score":100,"percentile":368},"2026-01-21",0.39179,{"date":370,"score":100,"percentile":371},"2026-01-22",0.3917,{"date":373,"score":100,"percentile":374},"2026-01-23",0.39232,{"date":376,"score":100,"percentile":377},"2026-01-24",0.39238,{"date":379,"score":100,"percentile":380},"2026-01-25",0.39191,{"date":382,"score":100,"percentile":383},"2026-01-26",0.39132,{"date":385,"score":100,"percentile":386},"2026-01-27",0.39131,{"date":388,"score":100,"percentile":389},"2026-01-28",0.39121,{"date":391,"score":100,"percentile":392},"2026-01-29",0.391,{"date":394,"score":100,"percentile":392},"2026-01-30",{"date":396,"score":100,"percentile":397},"2026-01-31",0.39107,{"date":399,"score":100,"percentile":400},"2026-02-01",0.39212,[402],{"source":104,"cvss_v2_0":403,"cvss_v3_0":9,"cvss_v3_1":408,"cvss_v4_0":9},{"baseScore":404,"baseSeverity":9,"vectorString":405,"impactScore":406,"exploitabilityScore":407},2.1,"AV:L/AC:L/Au:N/C:P/I:N/A:N",2.9,3.9,{"baseScore":102,"baseSeverity":409,"vectorString":105,"impactScore":410,"exploitabilityScore":411},"MEDIUM",6,4.6,[413,421],{"ecosystem":9,"name":414,"vendor":415,"product":414,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":417},"fedora","fedoraproject","o",[418],{"version":419,"is_range":69,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34","cpe",{"ecosystem":9,"name":422,"vendor":423,"product":422,"cpe_part":424,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"gnome-autoar","gnome","a",[426],{"version":427,"is_range":428,"range_type":420,"version_start":9,"version_start_type":9,"version_end":429,"version_end_type":430,"fixed_in":9},"lte0.2.4",true,"0.2.4","including"]