2 matches found
ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +3 more potentially affected by CVE-2020-13697 via org.nanohttpd:nanohttpd-nanolets (=2.3.1)
org.nanohttpd:nanohttpd-nanolets MAVEN version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.nanohttpd:nanohttpd-nanolets and may be impacted: - ai.h2o:h2o-clustering =3.32.1.1, =3.30.0.2, =3.34.0.3, =0.3.0, =2.0, =2.5 Source cves:...
CVE-2020-13697
NanoHTTPD (RouterNanoHTTPD.java, GeneralHandler) through version 2.3.1 is vulnerable to reflected XSS because the GET handler prints unsanitized query-string input into an HTML page. Multiple sources (NVD, CVE-2020-13697 records; Veracode and GHSA advisories; OSV/CVE records) describe this XSS is...