{"id":"CVE-2020-12059","details":"An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.","aliases":["BIT-ceph-2020-12059"],"modified":"2026-04-10T04:18:37.615552Z","published":"2020-04-22T13:15:11.337Z","related":["SUSE-SU-2020:1158-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"},{"type":"ADVISORY","url":"https://docs.ceph.com/docs/master/releases/mimic/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4528-1/"},{"type":"REPORT","url":"https://tracker.ceph.com/issues/44967"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1170170"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ceph/ceph","events":[{"introduced":"0"},{"last_affected":"58a2a9b31fd08d8bb3089fce0e312331502ff945"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"13.2.9"}]}}],"versions":["v0.1","v0.18","v0.19","v0.2","v0.4","v0.5","v0.6","v0.7.1","v0.7.2","v0.7.3","v0.9","v11.0.0","v13.0.0","v13.1.0","v13.1.1","v13.2.0","v13.2.1","v13.2.2","v13.2.3","v13.2.4","v13.2.5","v13.2.6","v13.2.7","v13.2.8","v13.2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12059.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}