CVE-2020-6820
published 2020-04-24CVE-2020-6820: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing…
PriorityP180high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
6.30%
92.7th percentile
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 74.0.1-1 (sid) | firefox 74.0.1-1 (sid) |
| debian | firefox-esr | < firefox 74.0.1-1 (sid) | firefox 74.0.1-1 (sid) |
| debian | thunderbird | < firefox 74.0.1-1 (sid) | firefox 74.0.1-1 (sid) |
| mozilla | firefox | < 68.6.1 | 68.6.1 |
| mozilla | firefox | < 74.0.1 | 74.0.1 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 74.0.1 | 74.0.1 |
| mozilla | firefox_esr | >= unspecified < 68.6.1 | 68.6.1 |
| mozilla | thunderbird | < 68.7.0 | 68.7.0 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0-1 | 1:68.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.18.04.1 | 1:68.7.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= unspecified < 68.7.0 | 68.7.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2020-6820 is a use-after-free triggered by a race condition in the ReadableStream class; monitor for exploitation of ReadableStream handling in Firefox/Thunderbird processes ↗
- →Both CVE-2020-6819 and CVE-2020-6820 are use-after-free issues that can lead to RCE; treat any unexplained Firefox/Thunderbird crash or memory corruption as a potential exploitation indicator ↗
- →Exploitation was observed in targeted attacks in the wild; prioritize detection on endpoints running Firefox < 74.0.1, Firefox ESR < 68.6.1, or Thunderbird < 68.7.0 ↗
- ·No proof-of-concept code was publicly available at the time of initial disclosure; exploitation details were withheld pending researcher publication and possible cross-browser impact ↗
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vulncheck8.1HIGH
cisa8.1HIGH
vendor_ubuntu8.8HIGH
vendor_debian8.1HIGH
vendor_redhat8.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
cisa·2021-11-03·CVSS 8.1
CVE-2020-6820 [HIGH] CWE-362 Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Vulnerability: Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Affected: Mozilla Firefox and Thunderbird
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-6820
Remediation Due Date: 2022-05-03
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-04-21·CVSS 8.8
CVE-2019-11745 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798,
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2020-04-13·CVSS 6.5
CVE-2020-6792 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60
and then later set a master password, an unencrypted copy of these
passwords would still be accessible. A local user could exploit this to
obtain sensitive info
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-04-04
CVE-2020-6819 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Two use-after-free bugs were discovered in Firefox. If a user were tricked
in to opening a specially crafted website, an attacker could exploit these
to cause a denial of service or execute arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: Use-after-free when handling a ReadableStream
vendor_redhat·2020-04-03·CVSS 8.1
CVE-2020-6820 [HIGH] CWE-416 Mozilla: Use-after-free when handling a ReadableStream
Mozilla: Use-after-free when handling a ReadableStream
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability are to data confidentiality and integrity as well as system availability.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2020-6820: firefox - Under certain conditions, when handling a ReadableStream, a race condition can c...
vendor_debian·2020·CVSS 8.1
CVE-2020-6820 [HIGH] CVE-2020-6820: firefox - Under certain conditions, when handling a ReadableStream, a race condition can c...
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Scope: local
sid: resolved (fixed in 74.0.1-1)
Mozilla
Mozilla Foundation Security Advisory 2020-11: CVE-2020-6820
vendor_mozilla·CVSS 8.1
CVE-2020-6820 [HIGH] Mozilla Foundation Security Advisory 2020-11: CVE-2020-6820
Mozilla Foundation Security Advisory 2020-11
CVE: CVE-2020-6820
Product: Firefox, Firefox ESR
Impact: critical
Fixed in: Firefox 74.0.1
Firefox ESR 68.6.1
Mozilla
Mozilla Foundation Security Advisory 2020-14: CVE-2020-6820
vendor_mozilla·CVSS 8.1
CVE-2020-6820 [HIGH] Mozilla Foundation Security Advisory 2020-14: CVE-2020-6820
Mozilla Foundation Security Advisory 2020-14
CVE: CVE-2020-6820
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 68.7
GHSA
GHSA-f77r-rqc9-53hh: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free
ghsa_unreviewed·2022-05-24
CVE-2020-6820 [MEDIUM] CWE-362 GHSA-f77r-rqc9-53hh: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
OSV
CVE-2020-6820: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free
osv·2020-04-24·CVSS 8.1
CVE-2020-6820 [HIGH] CVE-2020-6820: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
OSV
thunderbird vulnerabilities
osv·2020-04-21·CVSS 8.8
CVE-2019-11757 [HIGH] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,
CVE-2020
OSV
thunderbird vulnerabilities
osv·2020-04-13·CVSS 6.5
CVE-2020-6792 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60
and then later set a master password, an unencrypted copy of these
passwords would still be accessible. A local user could exploit this to
obtain sensitive information. (CVE-2020-6794)
Multiple security issues were discovered i
VulnCheck
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
vulncheck·2020·CVSS 8.1
CVE-2020-6820 [HIGH] CWE-362 Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Affected: Mozilla Firefox and Thunderbird
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
Project0
Project Zero RCA: CVE-2020-6820: Firefox use-after-free in Cache
project_zero·CVSS 8.1
CVE-2020-6820 [HIGH] Project Zero RCA: CVE-2020-6820: Firefox use-after-free in Cache
# CVE-2020-6820: Firefox use-after-free in Cache
*Maddie Stone, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 03 April 2020
**Product:** Mozilla Firefox
**Advisory:** https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
**Affected Versions:** pre-74.0.1
**First Patched Version:** Firefox 74.0.1 and and Firefox ESR 68.6.1
**Issue/Bug Report:** https://bugzilla.mozilla.org/show_bug.cgi?id=1626728
**Patch CL:** https://hg.mozilla.org/mozilla-central/rev/6639deb894172375b05d6791f5f8c7d53ca79723
**Bug-Introducing CL:** Unknown
**Reporter(s):** Francisco Alonso [@revskills](https://twitter.com/revskills) working with Javier Marcos of [@JMPSec](https://twitter.c
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals during cyberattacks
- Attacks on Apple macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Evgeny Lopatin
- Fedor Sinitsyn
- Denis Parinov
- Oleg Kupreev
- Alexey Kulaev
- Alexander Kolesnikov
IT threat evolution Q2 2020. Review
IT threat evolution Q2 2020. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2:
- Kaspersky solutions blocked 899,744,810 attacks launched from online resources in 191 countries across the globe.
- As many as 286,
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Ransomware programs
Quarterly trend highlights
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacks
Top 10 most common families of ransomware Trojans
Miners
Number of new modifications
Number of users attacked by miners
Geography of attacks
Vulnerable applications used by cybercriminals during cyberattacks
Attacks on Apple macOS
Threat geography
IoT attacks
IoT threat statistics
Threats loaded into traps
Attacks via web resources
Countries that are sources of web-based attacks: TOP 10
Countries where users faced the greatest risk of online infection
Local threats
Countries where users faced the highest risk of local infection
Authors
Victor
Checkpoint
6th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-06·CVSS 8.8
CVE-2019-17026 [HIGH] 6th April – Threat Intelligence Bulletin
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 6th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 6th April 2020, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
A new campaign of the Zeus Sphinx banker is targeting clients of US, Canadian and Australian banks using COVID-19 themed emails. Emails titled “COVID 19 relief” contain password-protected Word documents with malicious macros.
Check Point SandBlast, Anti-Bot and Anti-virus provide protection against this threat (Trojan-B
Tenable
CVE-2020-6819, CVE-2020-6820: Critical Mozilla Firefox Zero-Day Vulnerabilities Exploited in the Wild
blogs_tenable·2020-04-03·CVSS 8.1
[HIGH] CVE-2020-6819, CVE-2020-6820: Critical Mozilla Firefox Zero-Day Vulnerabilities Exploited in the Wild
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
Crash in [@ mozilla::dom::cache::Manager::Factory::Abort]
bugzilla·2020-04-07
[CRITICAL] Crash in [@ mozilla::dom::cache::Manager::Factory::Abort]
Crash in [@ mozilla::dom::cache::Manager::Factory::Abort]
This bug is for crash report bp-f4aa3621-1111-45d7-a7c1-d1ff50200407.
```
Top 10 frames of crashing thread:
0 xul.dll static mozilla::dom::cache::Manager::Factory::Abort dom/cache/Manager.cpp:289
1 xul.dll `anonymous namespace'::CacheQuotaClient::AbortOperations dom/cache/QuotaClient.cpp:221
2 xul.dll static mozilla::dom::quota::QuotaManager::ShutdownTimerCallback dom/quota/ActorsParent.cpp:7717
3 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:562
4 xul.dll nsTimerEvent::Run xpcom/threads/TimerThread.cpp:259
5 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1220
6 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:486
7 xul.dll static mozilla::dom::cache::Manager::ShutdownAll dom/cache/Manager.cpp:
Bugzilla
CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
bugzilla·2020-04-04·CVSS 8.1
CVE-2020-6820 [HIGH] CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
As per Mozilla upstream advisory:
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Francisco Alonso and Javier Marcos
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:1340 https://access.redhat.com/errata/RHSA-2020:1340
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1341 https://access
Bugzilla
AddressSanitizer: heap-use-after-free /home/fuzzer/firefox/src/dist/include/mozilla/ipc/ProtocolUtils.h:229:31 in Id
bugzilla·2020-04-01·CVSS 8.8
CVE-2020-6805 [HIGH] AddressSanitizer: heap-use-after-free /home/fuzzer/firefox/src/dist/include/mozilla/ipc/ProtocolUtils.h:229:31 in Id
AddressSanitizer: heap-use-after-free /home/fuzzer/firefox/src/dist/include/mozilla/ipc/ProtocolUtils.h:229:31 in Id
Created attachment 9137563
75.0b8-ff.log
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Steps to reproduce:
Reproduced in 75.0b8 firefox
After the last advisory I thought that this had been fixed in Firefox 74, Bug 1610880 CVE-2020-6805 . It's related? or am I missing something.
Actual results:
```
==7841==ERROR: AddressSanitizer: heap-use-after-free on address 0x6080006452a8 at pc 0x7f1255bf90b0 bp 0x7f11c984d690 sp 0x7f11c984d688 READ of size 4 at 0x6080006452a8 thread T24 (IPDL Background)
#0 0x7f1255bf90af in Id /home/fuzzer/firefox/src/dist/include/mozilla/ipc/ProtocolUtils.h:229:31
#1 0x7f125
https://bugzilla.mozilla.org/show_bug.cgi?id=1626728https://usn.ubuntu.com/4335-1/https://www.mozilla.org/security/advisories/mfsa2020-11/https://www.mozilla.org/security/advisories/mfsa2020-14/https://bugzilla.mozilla.org/show_bug.cgi?id=1626728https://usn.ubuntu.com/4335-1/https://www.mozilla.org/security/advisories/mfsa2020-11/https://www.mozilla.org/security/advisories/mfsa2020-14/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6820
2020-04-24
Published
2021-11-03
Added to CISA KEV
Exploited in the wild