CVE-2020-13697

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13697
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13697.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13697
Aliases
Published
2021-02-23T08:15:11Z
Modified
2024-05-14T07:39:14.404686Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.

References

Affected packages

Git / github.com/nanohttpd/nanohttpd

Affected ranges

Type
GIT
Repo
https://github.com/nanohttpd/nanohttpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.0.0-Release

Release-2.*

Release-2.0.2
Release-2.0.3
Release-2.0.4
Release-2.0.5
Release-2.1.0

nanohttpd-project-2.*

nanohttpd-project-2.2.0
nanohttpd-project-2.3.0
nanohttpd-project-2.3.1

v1.*

v1.25