CVE-2020-13697: Cross-site Scripting
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.
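
The pattern described above, as an added example that is not NanoHTTPD source and not part of the advisory: a debug page that echoes query parameters verbatim, next to a version that HTML-escapes them first. The class and method names are hypothetical, and the sample parameter is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Standalone model of a debug GET handler that echoes query parameters into HTML.
// Hypothetical names; this does not use or reproduce NanoHTTPD code.
public class DebugPageDemo {

    // Escape the characters that are significant in HTML text and quoted attributes.
    // '&' is replaced first so the entities produced below are not escaped twice.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Vulnerable pattern: parameter names and values reach the page unmodified,
    // so markup supplied in the query string is parsed by the browser.
    static String renderUnsafe(Map<String, String> params) {
        StringBuilder html = new StringBuilder("<html><body>");
        for (Map.Entry<String, String> e : params.entrySet()) {
            html.append("<p>Param '").append(e.getKey()).append("' = ")
                .append(e.getValue()).append("</p>");
        }
        return html.append("</body></html>").toString();
    }

    // Hardened pattern: every user-controlled string (names as well as values)
    // is escaped before it is written into the HTML response.
    static String renderSafe(Map<String, String> params) {
        StringBuilder html = new StringBuilder("<html><body>");
        for (Map.Entry<String, String> e : params.entrySet()) {
            html.append("<p>Param '").append(escapeHtml(e.getKey())).append("' = ")
                .append(escapeHtml(e.getValue())).append("</p>");
        }
        return html.append("</body></html>").toString();
    }

    public static void main(String[] args) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("q", "<script>alert(1)</script>"); // constructed sample input
        System.out.println("unsafe: " + renderUnsafe(params));
        System.out.println("safe:   " + renderSafe(params));
    }
}
```

A server that extends the handler class can apply the same escaping in its own GET handler, which is the override the advisory text refers to.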