CVE-2020-27219

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-27219
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27219.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27219
Aliases
Published
2021-01-14T23:15:12Z
Modified
2024-05-14T08:04:33.010003Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.

References

Affected packages

Git / github.com/eclipse/hawkbit

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/hawkbit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
347fac7f009e0cefbdf0b238d1b0878b5a176e0f
Last affected
3a5776a90d6dd4d2d498256a09aedaa14f578bed
Last affected
5b4bbeef41f9f0dd4ea353ff7900ef90b0c2b01b
Last affected
be17958f4abc4a5726d0b71d97f79274e3572384
Last affected
df23c4ef836f25b5630e86614c2a6e1944bfbd62
Last affected
e82f348063dec9c2a08adbfb4371cdbc7abc87ba
Last affected
f3659f01425ad0162f92fa73357f8c507058bcb2

Affected versions

0.*

0.2.0
0.2.0M1
0.2.0M2
0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5