Vulnerability Details CVE-2020-27219
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-27219
-
cpe:2.3:a:eclipse:hawkbit:0.2.0
-
cpe:2.3:a:eclipse:hawkbit:0.2.1
-
cpe:2.3:a:eclipse:hawkbit:0.2.2
-
cpe:2.3:a:eclipse:hawkbit:0.2.3
-
cpe:2.3:a:eclipse:hawkbit:0.2.4
-
cpe:2.3:a:eclipse:hawkbit:0.2.5
-
cpe:2.3:a:eclipse:hawkbit:0.3.0