CVE-2020-1757

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1757

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1757.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1757

Aliases

GHSA-2w73-fqqj-c92p

Related

Published

2020-04-21T17:15:12Z

Modified

2024-09-03T03:19:32.733276Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757

Affected packages

Git / github.com/undertow-io/undertow

Affected ranges

Type: GIT
Repo: https://github.com/undertow-io/undertow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2291c7c07dc5bccf3b45c4db3a1b63123b8ce484

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha10

1.0.0.Alpha11

1.0.0.Alpha12

1.0.0.Alpha13

1.0.0.Alpha14

1.0.0.Alpha15

1.0.0.Alpha16

1.0.0.Alpha17

1.0.0.Alpha18

1.0.0.Alpha19

1.0.0.Alpha2

1.0.0.Alpha20

1.0.0.Alpha21

1.0.0.Alpha22

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Alpha5

1.0.0.Alpha6

1.0.0.Alpha7

1.0.0.Alpha8

1.0.0.Alpha9

1.0.0.Beta1

1.0.0.Beta10

1.0.0.Beta11

1.0.0.Beta12

1.0.0.Beta13

1.0.0.Beta14

1.0.0.Beta15

1.0.0.Beta16

1.0.0.Beta17

1.0.0.Beta18

1.0.0.Beta19

1.0.0.Beta2

1.0.0.Beta20

1.0.0.Beta21

1.0.0.Beta22

1.0.0.Beta23

1.0.0.Beta24

1.0.0.Beta25

1.0.0.Beta26

1.0.0.Beta27

1.0.0.Beta28

1.0.0.Beta29

1.0.0.Beta3

1.0.0.Beta30

1.0.0.Beta31

1.0.0.Beta32

1.0.0.Beta33

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.Beta7

1.0.0.Beta8

1.0.0.Beta9

1.0.0.CR1

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.2.0.Beta1

1.2.0.Beta10

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.CR1

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.3.0.Beta1

1.3.0.Beta10

1.3.0.Beta11

1.3.0.Beta12

1.3.0.Beta13

1.3.0.Beta2

1.3.0.Beta3

1.3.0.Beta4

1.3.0.Beta5

1.3.0.Beta6

1.3.0.Beta7

1.3.0.Beta8

1.3.0.Beta9

1.3.0.CR1

1.3.0.CR2

1.3.0.CR3

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

2.*

2.0.0.Alpha1

2.0.0.Beta1

2.0.0.Final

2.0.1.Final

2.0.10.Final

2.0.11.Final

2.0.12.Final

2.0.13.Final

2.0.14.Final

2.0.15.Final

2.0.16.Final

2.0.17.Final

2.0.2.Final

2.0.20.Final

2.0.21.Final

2.0.22.Final

2.0.23.Final

2.0.24.Final

2.0.25.Final

2.0.26.Final

2.0.27.Final

2.0.28.Final

2.0.29.Final

2.0.3.Final

2.0.4.Final

2.0.5.Final

2.0.6.Final

2.0.7.Final

2.0.8.Final

2.0.9.Final