CVE-2020-27219

Cross-site Scripting in maven/org.eclipse.hawkbit/hawkbit-parent

Identifiers

CVE-2020-27219

Package Slug

maven/org.eclipse.hawkbit/hawkbit-parent

Vulnerability

Cross-site Scripting

Description

In all version of Eclipse Hawkbit M7, the HTTP (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.

Affected Versions

All versions up to 0.2.5, version 0.3.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-22

source