CVE-2020-27219 org.eclipse.hawkbit:hawkbit-parent

Package

Manager: maven
Name: org.eclipse.hawkbit:hawkbit-parent
Vulnerable Version: >=0 <0.3.0m7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00317 (percentile: 0.54158)

Details

Cross-site Scripting in Eclipse Hawkbit

In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existent resource returns the full path from the given URL to the client unescaped.

Metadata

Created: 2022-02-09T22:19:44Z
Modified: 2021-04-06T21:53:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rcvx-rmvf-mxch/GHSA-rcvx-rmvf-mxch.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rcvx-rmvf-mxch
Finding: F008
Auto approve: 1