CVE-2020-8284

Name: CVE-2020-8284 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2020-8284

LOW

CVSS v3.1: 3.7 · EPSS: 0.0010 (28.3 percentile)

NetworkNo privilegesNo user interactionInformation ExposureVendor advisory ref

Source data as of: 2026-04-17 06:05:21 UTC

At a glance

Severity: LOW
CVSS: 3.7 v3.1 · NVD
EPSS: 0.0010 (28.3 percentile) · FIRST.org
CISA KEV: No
Type: Information Exposure · NVD CWE
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Affected vendors: fedoraproject, siemens, splunk, oracle, haxx, fujitsu, netapp, apple, debian
Published: 2020-12-14 · Modified: 2026-04-16
References: Jump to references (8)

CVSS / EPSS / KEV

CVSS v3.1 3.7 / 10 LOW Source: NVD

EPSS 0.0010 28.3 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Record details

CVE ID: CVE-2020-8284
CVSS (v3.1): 3.7 (LOW)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability subscore: 2.2
Impact subscore: 1.4
EPSS: 0.0010 (28.3 percentile) — 2026-04-17
CISA KEV: No
Weakness (CWE): CWE-200
Affected vendors: fedoraproject, siemens, splunk, oracle, haxx, fujitsu, netapp, apple, debian
Affected configurations (CPE): 59
Published: 2020-12-14
Modified: 2026-04-16
Status: Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2020-8284

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year