CVE-2020-17508

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-17508
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17508.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-17508
Downstream
Published
2021-01-11T10:15:13.343Z
Modified
2026-06-18T04:05:22.339914368Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type
GIT
Repo
https://github.com/apache/trafficserver
Events
Introduced
27f8e2cda9133864e6ffae0224c799fde5f10290
Last affected
eaed59510bda6f1d27854d9d3f07aace2afffc16
Introduced
6c1c6cf20e7d0e287d697a0f4181436013d17c30
Last affected
50d569d13cfa3bf7328e2483380794507ad8e24b
Introduced
b310e3566f58dd04ec2b15b111ec86ea70e20019
Last affected
72c03baa83e0736e4d3fc90880642c2f5593ecf2
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.2.3"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.1.11"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.1.0"
        }
    ],
    "cpe": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
}

Affected versions

8.*
8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
8.0.4
8.0.4-rc0
8.0.5
8.0.6
8.0.6-rc0
8.0.6-rc1
8.1.0
8.1.0-rc0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17508.json"