{"api_version":"1","generated_at":"2026-04-22T21:37:58+00:00","cve":"CVE-2020-8284","urls":{"html":"https://cve.report/CVE-2020-8284","api":"https://cve.report/api/cve/CVE-2020-8284.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-8284","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-8284"},"summary":{"title":"CVE-2020-8284","description":"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.","state":"PUBLISHED","assigner":"hackerone","published_at":"2020-12-14 20:15:13","updated_at":"2026-04-16 15:16:42"},"problem_types":["CWE-200","NVD-CWE-noinfo","CWE-200 Information Disclosure (CWE-200)"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://curl.se/docs/CVE-2020-8284.html","name":"https://curl.se/docs/CVE-2020-8284.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"curl - trusting FTP PASV responses - CVE-2020-8284","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210122-0007/","name":"https://security.netapp.com/advisory/ntap-20210122-0007/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"December 2020 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: curl-7.71.1-8.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","name":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2500-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202012-14","name":"https://security.gentoo.org/glsa/202012-14","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"cURL: Multiple vulnerabilities (GLSA 202012-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212326","name":"https://support.apple.com/kb/HT212326","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"About the security content of Security Update 2021-002 Catalina - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT212325","name":"https://support.apple.com/kb/HT212325","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"About the security content of macOS Big Sur 11.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hackerone.com/reports/1040166","name":"https://hackerone.com/reports/1040166","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT212327","name":"https://support.apple.com/kb/HT212327","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"About the security content of Security Update 2021-003 Mojave - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4881","name":"https://www.debian.org/security/2021/dsa-4881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4881-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","name":"FEDORA:FEDORA-2020-7ab62c73bc","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","name":"FEDORA:FEDORA-2020-ceaf490686","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 33 Update: curl-7.71.1-8.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-8284","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8284","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"https://github.com/curl/curl","version":"affected 7.73.0 and earlier","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"7.73.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_bootstrap_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"hci_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_storage_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-8284","qid":"159196","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2021-1610)"},{"cve":"CVE-2020-8284","qid":"178522","title":"Debian Security Update for curl (DSA 4881-1)"},{"cve":"CVE-2020-8284","qid":"181247","title":"Debian Security Update for inetutils (DLA 3205-1)"},{"cve":"CVE-2020-8284","qid":"239328","title":"Red Hat Update for curl (RHSA-2021:1610)"},{"cve":"CVE-2020-8284","qid":"239451","title":"Red Hat Update for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 (RHSA-2021:2472)"},{"cve":"CVE-2020-8284","qid":"296067","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)"},{"cve":"CVE-2020-8284","qid":"352506","title":"Amazon Linux Security Advisory for curl: ALAS2-2021-1693"},{"cve":"CVE-2020-8284","qid":"376053","title":"F5 BIG-IP Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM) cURL Vulnerability (K63525058)"},{"cve":"CVE-2020-8284","qid":"376969","title":"NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Vulnerability (NTAP-20210122-0007)"},{"cve":"CVE-2020-8284","qid":"377396","title":"Alibaba Cloud Linux Security Update for curl (ALINUX3-SA-2021:0078)"},{"cve":"CVE-2020-8284","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2020-8284","qid":"378883","title":"Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)"},{"cve":"CVE-2020-8284","qid":"44183","title":"Juniper Network Operating System (Junos OS) Multiple Security Vulnerabilites (JSA79108)"},{"cve":"CVE-2020-8284","qid":"500133","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2020-8284","qid":"501396","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2020-8284","qid":"503888","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2020-8284","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2020-8284","qid":"670356","title":"EulerOS Security Update for curl (EulerOS-SA-2021-1868)"},{"cve":"CVE-2020-8284","qid":"670383","title":"EulerOS Security Update for curl (EulerOS-SA-2021-1942)"},{"cve":"CVE-2020-8284","qid":"670404","title":"EulerOS Security Update for curl (EulerOS-SA-2021-1921)"},{"cve":"CVE-2020-8284","qid":"671343","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1265)"},{"cve":"CVE-2020-8284","qid":"671718","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1711)"},{"cve":"CVE-2020-8284","qid":"690348","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (3c77f139-3a09-11eb-929d-d4c9ef517024)"},{"cve":"CVE-2020-8284","qid":"750055","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1786-1)"},{"cve":"CVE-2020-8284","qid":"750490","title":"OpenSUSE Security Update for curl (openSUSE-SU-2020:2249-1)"},{"cve":"CVE-2020-8284","qid":"750492","title":"OpenSUSE Security Update for curl (openSUSE-SU-2020:2238-1)"},{"cve":"CVE-2020-8284","qid":"900155","title":"CBL-Mariner Linux Security Update for curl 7.68.0"},{"cve":"CVE-2020-8284","qid":"903483","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (3675)"},{"cve":"CVE-2020-8284","qid":"940000","title":"AlmaLinux Security Update for curl (ALSA-2021:1610)"},{"cve":"CVE-2020-8284","qid":"960740","title":"Rocky Linux Security Update for curl (RLSA-2021:1610)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-04T09:56:28.316Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://hackerone.com/reports/1040166"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://curl.se/docs/CVE-2020-8284.html"},{"name":"FEDORA-2020-ceaf490686","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"},{"name":"[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"},{"name":"FEDORA-2020-7ab62c73bc","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"},{"name":"GLSA-202012-14","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202012-14"},{"name":"DSA-4881","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2021/dsa-4881"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20210122-0007/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/kb/HT212325"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/kb/HT212326"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/kb/HT212327"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2020-8284","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-16T13:56:25.837320Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-16T13:59:17.253Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"https://github.com/curl/curl","vendor":"n/a","versions":[{"status":"affected","version":"7.73.0 and earlier"}]}],"descriptions":[{"lang":"en","value":"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"Information Disclosure (CWE-200)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-04-19T23:23:26.000Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"tags":["x_refsource_MISC"],"url":"https://hackerone.com/reports/1040166"},{"tags":["x_refsource_MISC"],"url":"https://curl.se/docs/CVE-2020-8284.html"},{"name":"FEDORA-2020-ceaf490686","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"},{"name":"[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"},{"name":"FEDORA-2020-7ab62c73bc","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"},{"name":"GLSA-202012-14","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202012-14"},{"name":"DSA-4881","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2021/dsa-4881"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20210122-0007/"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/kb/HT212325"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/kb/HT212326"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/kb/HT212327"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"support@hackerone.com","ID":"CVE-2020-8284","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"https://github.com/curl/curl","version":{"version_data":[{"version_value":"7.73.0 and earlier"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure (CWE-200)"}]}]},"references":{"reference_data":[{"name":"https://hackerone.com/reports/1040166","refsource":"MISC","url":"https://hackerone.com/reports/1040166"},{"name":"https://curl.se/docs/CVE-2020-8284.html","refsource":"MISC","url":"https://curl.se/docs/CVE-2020-8284.html"},{"name":"FEDORA-2020-ceaf490686","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"},{"name":"[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"},{"name":"FEDORA-2020-7ab62c73bc","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"},{"name":"GLSA-202012-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202012-14"},{"name":"DSA-4881","refsource":"DEBIAN","url":"https://www.debian.org/security/2021/dsa-4881"},{"name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"name":"https://security.netapp.com/advisory/ntap-20210122-0007/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20210122-0007/"},{"name":"https://support.apple.com/kb/HT212325","refsource":"CONFIRM","url":"https://support.apple.com/kb/HT212325"},{"name":"https://support.apple.com/kb/HT212326","refsource":"CONFIRM","url":"https://support.apple.com/kb/HT212326"},{"name":"https://support.apple.com/kb/HT212327","refsource":"CONFIRM","url":"https://support.apple.com/kb/HT212327"},{"name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"CONFIRM","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}}}},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2020-8284","datePublished":"2020-12-14T19:38:26.000Z","dateReserved":"2020-01-28T00:00:00.000Z","dateUpdated":"2026-04-16T13:59:17.253Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2020-12-14 20:15:13","lastModifiedDate":"2026-04-16 15:16:42","problem_types":["CWE-200","NVD-CWE-noinfo","CWE-200 Information Disclosure (CWE-200)"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionEndIncluding":"7.73.0","matchCriteriaId":"A4938AC8-A83F-48D8-861C-042B90B75CAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","matchCriteriaId":"36D96259-24BD-44E2-96D9-78CE1D41F956"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"},{"vulnerable":true,"criteria":"cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*","matchCriteriaId":"02DEB4FB-A21D-4CB1-B522-EEE5093E8521"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*","matchCriteriaId":"1C767AA1-88B7-48F0-9F31-A89D16DCD52C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionStartIncluding":"10.14.0","versionEndExcluding":"10.14.6","matchCriteriaId":"3E76BECE-0843-4B9F-90DE-7690764701B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionStartIncluding":"10.15","versionEndExcluding":"10.15.7","matchCriteriaId":"DB8A73F8-3074-4B32-B9F6-343B6B1988C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*","matchCriteriaId":"CFE26ECC-A2C2-4501-9950-510DE0E1BD86"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*","matchCriteriaId":"26108BEF-0847-4AB0-BD98-35344DFA7835"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*","matchCriteriaId":"A369D48B-6A0A-47AE-9513-D5E2E6F30931"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*","matchCriteriaId":"510F8317-94DA-498E-927A-83D5F41AF54A"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*","matchCriteriaId":"0D5D1970-6D2A-42CA-A203-42023D71730D"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*","matchCriteriaId":"C68AE52B-5139-40A4-AE9A-E752DBF07D1B"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*","matchCriteriaId":"0FD3467D-7679-479F-9C0B-A93F7CD0929D"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*","matchCriteriaId":"D4C6098E-EDBD-4A85-8282-B2E9D9333872"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*","matchCriteriaId":"518BB47B-DD76-4E8C-9F10-7EBC1E146191"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*","matchCriteriaId":"63940A55-D851-46EB-9668-D82BEFC1FE95"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*","matchCriteriaId":"68C7A97A-3801-44FA-96CA-10298FA39883"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*","matchCriteriaId":"6D69914D-46C7-4A0E-A075-C863C1692D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*","matchCriteriaId":"9CDB4476-B521-43E4-A129-8718A8E0A8CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*","matchCriteriaId":"9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*","matchCriteriaId":"A4A6BF78-B772-435C-AC1A-2199027CCF9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*","matchCriteriaId":"2C88BD98-46F5-447F-963A-FB9B167E31BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*","matchCriteriaId":"C7A0615B-D958-4BBF-B53F-AA839A0FE845"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*","matchCriteriaId":"A654B8A2-FC30-4171-B0BB-366CD7ED4B6A"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*","matchCriteriaId":"F12CC8B5-C1EB-419E-8496-B9A3864656AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*","matchCriteriaId":"F1F4BF7F-90D4-4668-B4E6-B06F4070F448"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*","matchCriteriaId":"7FD7176C-F4D1-43A7-9E49-BA92CA0D9980"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*","matchCriteriaId":"2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*","matchCriteriaId":"0F441A43-1669-478D-9EC8-E96882DE4F9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*","matchCriteriaId":"C1C795B9-E58D-467C-83A8-2D45C792292F"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*","matchCriteriaId":"96C3F2DF-96A5-40F2-B5C7-E961C2EE4489"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*","matchCriteriaId":"D120FD05-70E5-46AE-9B43-4F97BC8E05FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*","matchCriteriaId":"752548E2-BB8F-49AB-9D80-38182232989B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"E39D442D-1997-49AF-8B02-5640BE2A26CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"4479F76A-4B67-41CC-98C7-C76B81050F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*","matchCriteriaId":"394A16F2-CCD4-44E5-BF6B-E0C782A9FA38"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"5E63B7B2-409A-476E-BA12-2A2D2F3B85DE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*","matchCriteriaId":"983D27DE-BC89-454E-AE47-95A26A3651E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"ADB5D4C9-DA14-4188-9181-17336F9445F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*","matchCriteriaId":"5825AEE1-B668-40BD-86A9-2799430C742C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"90B7CFBF-761C-4EAA-A322-EF5E294AADED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*","matchCriteriaId":"EE0CF40B-E5BD-4558-9321-184D58EF621D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*","matchCriteriaId":"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"E74AAF52-1388-4BD9-B17B-3A6A32CA3608"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"95503CE5-1D06-4092-A60D-D310AADCAFB1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"A107698C-9C63-44A9-8A2B-81EDD5702B4C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*","matchCriteriaId":"983D27DE-BC89-454E-AE47-95A26A3651E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"0FC0460E-4695-44FB-99EE-28B2C957B760"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*","matchCriteriaId":"5825AEE1-B668-40BD-86A9-2799430C742C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"BD54A092-85A7-4459-9C69-19E6E24AC24B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"5F813DBC-BA1E-4C73-AA11-1BD3F9508372"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*","matchCriteriaId":"EE0CF40B-E5BD-4558-9321-184D58EF621D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*","matchCriteriaId":"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"416B805F-799A-4466-AC5A-93D083A2ABBD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"95503CE5-1D06-4092-A60D-D310AADCAFB1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"8284","Ordinal":"1","Title":"CVE-2020-8284","CVE":"CVE-2020-8284","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"8284","Ordinal":"1","NoteData":"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.","Type":"Description","Title":"CVE-2020-8284"},{"CveYear":"2020","CveId":"8284","Ordinal":"2","NoteData":"2020-12-14","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"8284","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}