Lucene search
GitHub Advisory DatabaseGHSA-2W73-FQQJ-C92PHistoryMay 24, 2022 - 5:15 p.m.
Improper Input Validation in Undertow
2022-05-2417:15:56
CWE-20
CWE-200
GitHub Advisory Database
github.com
12
0.001 Low
EPSS
Percentile
27.0%
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
| CPE | Name | Operator | Version |
|---|---|---|---|
| io.undertow:undertow-core | le | 2.0.42 |
Related
redhatcve
redhatcve
CVE-2020-1757
2020-03-17 17:10:53
cve
cve
CVE-2020-1757
2020-04-21 17:15:00
osv
osv
CVE-2020-1757
2020-04-21 17:15:12
Improper Input Validation in Undertow
2022-05-24 17:15:56
prion
prion
Security feature bypass
2020-04-21 17:15:00
veracode
veracode
Authorization Bypass
2020-05-13 03:23:47
ubuntucve
ubuntucve
CVE-2020-1757
2020-04-21 00:00:00
cvelist
cvelist
CVE-2020-1757
2020-04-21 15:31:14
debiancve
debiancve
CVE-2020-1757
2020-04-21 17:15:00
redhat
redhat
nessus
nessus