{"api_version":"1","generated_at":"2026-04-22T23:08:38+00:00","cve":"CVE-2020-21699","urls":{"html":"https://cve.report/CVE-2020-21699","api":"https://cve.report/api/cve/CVE-2020-21699.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-21699","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-21699"},"summary":{"title":"CVE-2020-21699","description":"The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-08-22 19:16:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6%28Tengine%29.docx","name":"https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6%28Tengine%29.docx","refsource":"","tags":[],"title":"Nginx-variants/附件(Tengine).docx at master · ZxDecide/Nginx-variants · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6(Tengine).docx","name":"https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6(Tengine).docx","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-21699","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21699","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alibaba","cpe5":"tengine","cpe6":"2.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"nginx","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-21699","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6(Tengine).docx","refsource":"MISC","name":"https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6(Tengine).docx"}]}},"nvd":{"publishedDate":"2023-08-22 19:16:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:alibaba:tengine:2.2.2:*:*:*:*:nginx:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"21699","Ordinal":"183108","Title":"CVE-2020-21699","CVE":"CVE-2020-21699","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"21699","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}