[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8201":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":51,"related":52,"reserved_at":9,"published_at":57,"modified_at":58,"state":59,"summary":60,"references_raw":69,"kevs":103,"epss":104,"epss_history":107,"metrics":375,"affected":386},"CVE-2020-8201","Node.js \u003C 12.18.4 and \u003C 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[],[],[31,33,35,37,39,41,43,45,47,49],{"_key":32},"ALPINE-CVE-2020-8201",{"_key":34},"UBUNTU-CVE-2020-8201",{"_key":36},"SUSE-SU-2020:2812-1",{"_key":38},"SUSE-SU-2020:2813-1",{"_key":40},"OPENSUSE-SU-2020:1616-1",{"_key":42},"OPENSUSE-SU-2024:11096-1",{"_key":44},"DEBIAN-CVE-2020-8201",{"_key":46},"RHSA-2020:4272",{"_key":48},"RHSA-2020:4903",{"_key":50},"RHSA-2020:5086",[],[53,54,55,56],{"_key":36},{"_key":38},{"_key":40},{"_key":42},"2020-09-18T20:12:43.000Z","2025-04-30T22:24:25.163Z","Modified",{"cisa_kev":61,"cisa_ransomware":61,"cisa_vendor":9,"epss_severity":62,"epss_score":63,"severity":64,"severity_score":65,"severity_version":66,"severity_source":67,"severity_vector":68,"severity_status":59},false,"low",0.00632,"high",7.4,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",[70,77,82,88,93,98],{"url":71,"sources":72,"tags":74},"https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/",[73,67],"cve.org",[75,76],"X Refsource MISC","Vendor Advisory",{"url":78,"sources":79,"tags":80},"https://hackerone.com/reports/922597",[73,67],[75,81],"Permissions Required",{"url":83,"sources":84,"tags":85},"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html",[73,67],[76,86,87],"X Refsource SUSE","Third Party Advisory",{"url":89,"sources":90,"tags":91},"https://security.netapp.com/advisory/ntap-20201009-0004/",[73,67],[92,87],"X Refsource CONFIRM",{"url":94,"sources":95,"tags":96},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/",[73,67],[76,97],"X Refsource FEDORA",{"url":99,"sources":100,"tags":101},"https://security.gentoo.org/glsa/202101-07",[73,67],[76,102,87],"X Refsource GENTOO",[],{"date":105,"score":63,"percentile":106},"2026-06-04",0.70722,[108,111,114,117,120,122,124,127,129,132,135,138,141,144,147,151,154,157,160,163,165,168,171,174,177,180,183,186,190,193,196,199,202,205,208,211,213,216,219,222,225,228,231,234,237,240,243,246,249,252,254,258,261,264,267,270,273,276,279,283,286,289,292,295,298,301,304,307,310,313,315,318,321,324,327,330,333,335,338,341,344,347,351,354,357,360,363,366,368,371],{"date":109,"score":63,"percentile":110},"2025-11-04",0.69511,{"date":112,"score":63,"percentile":113},"2025-11-05",0.69498,{"date":115,"score":63,"percentile":116},"2025-11-06",0.69496,{"date":118,"score":63,"percentile":119},"2025-11-07",0.69508,{"date":121,"score":63,"percentile":119},"2025-11-08",{"date":123,"score":63,"percentile":113},"2025-11-09",{"date":125,"score":63,"percentile":126},"2025-11-10",0.69489,{"date":128,"score":63,"percentile":113},"2025-11-11",{"date":130,"score":63,"percentile":131},"2025-11-12",0.69522,{"date":133,"score":63,"percentile":134},"2025-11-13",0.69529,{"date":136,"score":63,"percentile":137},"2025-11-14",0.69536,{"date":139,"score":63,"percentile":140},"2025-11-15",0.69533,{"date":142,"score":63,"percentile":143},"2025-11-16",0.69528,{"date":145,"score":63,"percentile":146},"2025-11-17",0.69525,{"date":148,"score":149,"percentile":150},"2025-11-18",0.0044,0.60511,{"date":152,"score":149,"percentile":153},"2025-11-19",0.60522,{"date":155,"score":149,"percentile":156},"2025-11-20",0.60512,{"date":158,"score":63,"percentile":159},"2025-11-21",0.69542,{"date":161,"score":63,"percentile":162},"2025-11-22",0.69538,{"date":164,"score":63,"percentile":146},"2025-11-23",{"date":166,"score":63,"percentile":167},"2025-11-24",0.69516,{"date":169,"score":63,"percentile":170},"2025-11-25",0.69518,{"date":172,"score":63,"percentile":173},"2025-11-26",0.69524,{"date":175,"score":63,"percentile":176},"2025-11-27",0.69523,{"date":178,"score":63,"percentile":179},"2025-11-28",0.69513,{"date":181,"score":63,"percentile":182},"2025-11-29",0.695,{"date":184,"score":63,"percentile":185},"2025-11-30",0.69495,{"date":187,"score":188,"percentile":189},"2025-12-01",0.0055,0.67205,{"date":191,"score":188,"percentile":192},"2025-12-02",0.67213,{"date":194,"score":188,"percentile":195},"2025-12-03",0.6721,{"date":197,"score":63,"percentile":198},"2025-12-04",0.69488,{"date":200,"score":63,"percentile":201},"2025-12-05",0.69503,{"date":203,"score":63,"percentile":204},"2025-12-06",0.69506,{"date":206,"score":63,"percentile":207},"2025-12-07",0.69502,{"date":209,"score":63,"percentile":210},"2025-12-08",0.69507,{"date":212,"score":63,"percentile":162},"2025-12-09",{"date":214,"score":63,"percentile":215},"2025-12-10",0.6958,{"date":217,"score":63,"percentile":218},"2025-12-11",0.69601,{"date":220,"score":63,"percentile":221},"2025-12-12",0.6963,{"date":223,"score":63,"percentile":224},"2025-12-13",0.69632,{"date":226,"score":63,"percentile":227},"2025-12-14",0.69635,{"date":229,"score":63,"percentile":230},"2025-12-15",0.69631,{"date":232,"score":63,"percentile":233},"2025-12-16",0.69639,{"date":235,"score":63,"percentile":236},"2025-12-17",0.69653,{"date":238,"score":63,"percentile":239},"2025-12-18",0.69683,{"date":241,"score":63,"percentile":242},"2025-12-19",0.697,{"date":244,"score":63,"percentile":245},"2025-12-20",0.69697,{"date":247,"score":63,"percentile":248},"2025-12-21",0.69687,{"date":250,"score":63,"percentile":251},"2025-12-22",0.69685,{"date":253,"score":63,"percentile":251},"2025-12-23",{"date":255,"score":256,"percentile":257},"2025-12-24",0.00501,0.65282,{"date":259,"score":256,"percentile":260},"2025-12-25",0.65308,{"date":262,"score":256,"percentile":263},"2025-12-26",0.65307,{"date":265,"score":256,"percentile":266},"2025-12-27",0.65352,{"date":268,"score":256,"percentile":269},"2025-12-28",0.65283,{"date":271,"score":256,"percentile":272},"2025-12-29",0.65274,{"date":274,"score":256,"percentile":275},"2025-12-30",0.65291,{"date":277,"score":256,"percentile":278},"2025-12-31",0.65316,{"date":280,"score":281,"percentile":282},"2026-01-01",0.00421,0.61654,{"date":284,"score":281,"percentile":285},"2026-01-02",0.61642,{"date":287,"score":281,"percentile":288},"2026-01-03",0.61638,{"date":290,"score":256,"percentile":291},"2026-01-04",0.65315,{"date":293,"score":256,"percentile":294},"2026-01-05",0.65302,{"date":296,"score":256,"percentile":297},"2026-01-06",0.65299,{"date":299,"score":256,"percentile":300},"2026-01-07",0.65319,{"date":302,"score":256,"percentile":303},"2026-01-08",0.65335,{"date":305,"score":256,"percentile":306},"2026-01-09",0.65339,{"date":308,"score":256,"percentile":309},"2026-01-10",0.65336,{"date":311,"score":256,"percentile":312},"2026-01-11",0.65323,{"date":314,"score":256,"percentile":260},"2026-01-12",{"date":316,"score":256,"percentile":317},"2026-01-13",0.65306,{"date":319,"score":256,"percentile":320},"2026-01-14",0.65341,{"date":322,"score":256,"percentile":323},"2026-01-15",0.65361,{"date":325,"score":256,"percentile":326},"2026-01-16",0.65379,{"date":328,"score":256,"percentile":329},"2026-01-17",0.65365,{"date":331,"score":256,"percentile":332},"2026-01-18",0.65347,{"date":334,"score":256,"percentile":309},"2026-01-19",{"date":336,"score":256,"percentile":337},"2026-01-20",0.65349,{"date":339,"score":256,"percentile":340},"2026-01-21",0.6536,{"date":342,"score":256,"percentile":343},"2026-01-22",0.6537,{"date":345,"score":256,"percentile":346},"2026-01-23",0.65404,{"date":348,"score":349,"percentile":350},"2026-01-24",0.00258,0.48955,{"date":352,"score":349,"percentile":353},"2026-01-25",0.48904,{"date":355,"score":349,"percentile":356},"2026-01-26",0.48874,{"date":358,"score":349,"percentile":359},"2026-01-27",0.4888,{"date":361,"score":349,"percentile":362},"2026-01-28",0.48892,{"date":364,"score":349,"percentile":365},"2026-01-29",0.48884,{"date":367,"score":349,"percentile":362},"2026-01-30",{"date":369,"score":349,"percentile":370},"2026-01-31",0.48899,{"date":372,"score":373,"percentile":374},"2026-02-01",0.00267,0.50003,[376],{"source":67,"cvss_v2_0":377,"cvss_v3_0":9,"cvss_v3_1":382,"cvss_v4_0":9},{"baseScore":378,"baseSeverity":9,"vectorString":379,"impactScore":380,"exploitabilityScore":381},5.8,"AV:N/AC:M/Au:N/C:P/I:P/A:N",4.9,8.6,{"baseScore":65,"baseSeverity":383,"vectorString":68,"impactScore":384,"exploitabilityScore":385},"HIGH",8.7,5.6,[387,395,443,452],{"ecosystem":9,"name":388,"vendor":389,"product":388,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"fedora","fedoraproject","o",[392],{"version":393,"is_range":61,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33","cpe",{"ecosystem":9,"name":396,"vendor":397,"product":396,"cpe_part":398,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"node","nodejs","a",[400,407,411,415,419,423,427,431,435,439],{"version":401,"is_range":402,"range_type":73,"version_start":403,"version_start_type":404,"version_end":405,"version_end_type":406,"fixed_in":9},">= 4.0, \u003C 4.*",true,"4.0","including","4.*","excluding",{"version":408,"is_range":402,"range_type":73,"version_start":409,"version_start_type":404,"version_end":410,"version_end_type":406,"fixed_in":9},">= 5.0, \u003C 5.*","5.0","5.*",{"version":412,"is_range":402,"range_type":73,"version_start":413,"version_start_type":404,"version_end":414,"version_end_type":406,"fixed_in":9},">= 6.0, \u003C 6.*","6.0","6.*",{"version":416,"is_range":402,"range_type":73,"version_start":417,"version_start_type":404,"version_end":418,"version_end_type":406,"fixed_in":9},">= 7.0, \u003C 7.*","7.0","7.*",{"version":420,"is_range":402,"range_type":73,"version_start":421,"version_start_type":404,"version_end":422,"version_end_type":406,"fixed_in":9},">= 8.0, \u003C 8.*","8.0","8.*",{"version":424,"is_range":402,"range_type":73,"version_start":425,"version_start_type":404,"version_end":426,"version_end_type":406,"fixed_in":9},">= 9.0, \u003C 9.*","9.0","9.*",{"version":428,"is_range":402,"range_type":73,"version_start":429,"version_start_type":404,"version_end":430,"version_end_type":406,"fixed_in":9},">= 11.0, \u003C 11.*","11.0","11.*",{"version":432,"is_range":402,"range_type":73,"version_start":433,"version_start_type":404,"version_end":434,"version_end_type":406,"fixed_in":9},">= 12.0, \u003C 12.18.4","12.0","12.18.4",{"version":436,"is_range":402,"range_type":73,"version_start":437,"version_start_type":404,"version_end":438,"version_end_type":406,"fixed_in":9},">= 13.0, \u003C 13.*","13.0","13.*",{"version":440,"is_range":402,"range_type":73,"version_start":441,"version_start_type":404,"version_end":442,"version_end_type":406,"fixed_in":9},">= 14.0, \u003C 14.11.0","14.0","14.11.0",{"ecosystem":9,"name":444,"vendor":397,"product":444,"cpe_part":398,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":445},"node.js",[446,449],{"version":447,"is_range":402,"range_type":394,"version_start":448,"version_start_type":404,"version_end":434,"version_end_type":406,"fixed_in":9},"gte12.0.0_lt12.18.4","12.0.0",{"version":450,"is_range":402,"range_type":394,"version_start":451,"version_start_type":404,"version_end":442,"version_end_type":406,"fixed_in":9},"gte14.0.0_lt14.11.0","14.0.0",{"ecosystem":9,"name":453,"vendor":454,"product":453,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"leap","opensuse",[456],{"version":457,"is_range":61,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.2"]