CVE-2020-27219
maven/org.eclipse.hawkbit/hawkbit-parent
Cross-site Scripting
In all version of Eclipse Hawkbit M7, the HTTP (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.
All versions up to 0.2.5, version 0.3.0
Unfortunately, there is no solution available yet.
2021-01-22
source |