{"api_version":"1","generated_at":"2026-05-06T12:30:06+00:00","cve":"CVE-2020-21522","urls":{"html":"https://cve.report/CVE-2020-21522","api":"https://cve.report/api/cve/CVE-2020-21522.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-21522","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-21522"},"summary":{"title":"CVE-2020-21522","description":"An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-09-30 18:15:00","updated_at":"2020-10-13 16:50:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://github.com/halo-dev/halo/issues/418","name":"https://github.com/halo-dev/halo/issues/418","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"A Zip Slip Directory Traversal Vulnerability in the backend · Issue #418 · halo-dev/halo · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-21522","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21522","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"21522","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"halo","cpe5":"halo","cpe6":"1.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"21522","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"halo","cpe5":"halo","cpe6":"1.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-21522","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/halo-dev/halo/issues/418","refsource":"MISC","name":"https://github.com/halo-dev/halo/issues/418"}]}},"nvd":{"publishedDate":"2020-09-30 18:15:00","lastModifiedDate":"2020-10-13 16:50:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:halo:halo:1.1.3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"21522","Ordinal":"182931","Title":"CVE-2020-21522","CVE":"CVE-2020-21522","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"21522","Ordinal":"1","NoteData":"An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"21522","Ordinal":"2","NoteData":"2020-09-30","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"21522","Ordinal":"3","NoteData":"2020-09-30","Type":"Other","Title":"Modified"}]}}}