CVE-2020-8284

CVE-2020-8284

Vendor N/A

Product https://github.com/curl/curl

Weakness CWE-200 · Info exposure

Published December 14, 2020

Last update April 16, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Key dates

02Disclosure timeline

December 14, 2020 CVE published

April 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-8284 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE