AZL-40857 CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

🗓️ 01 Feb 2021 20:15:12Reported by GoogleType

osv🔗 osv.dev👁 2 Views

AZL-40857 CVE-2020-28493 affects nodejs <20.14.0-1 and jinja2 <=2.11.3; ReDoS via punctuation regex; mitigate with Markdown formatting and timeouts/memory limits.

Reporter	Title	Published	Views	Family All 171
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Network Threat Analytics uses component jinja2 with a denial of service vulnerability (CVE-2020-28493)	16 Sep 202215:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Advisor With Watson uses components with known vulnerabilities (CVE-2020-36242, CVE-2021-33503, CVE-2020-28493)	20 Oct 202119:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	29 Apr 202416:48	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities	1 Apr 202216:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	19 Jan 202313:54	–	ibm
IBM Security Bulletins	Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)	27 Apr 202222:57	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : python-jinja2 (ALSA-2021:4161)	9 Feb 202200:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: nodejs / python-jinja2 (CVE-2020-28493)	20 Apr 202500:00	–	nessus
Tenable Nessus	CentOS 8 : python27:2.7 (CESA-2021:4151)	11 Nov 202100:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-28493

21 Apr 2026 04:29Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.3

EPSS0.03546