CX: CVE-2020-1757 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab-1.refs/heads/master

github-actions[bot] commented 2 years ago

Description

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master

Vulnerability ID: CVE-2020-1757

Package Name: io.undertow:undertow-core

Severity: HIGH

CVSS Score: 8.1

Publish Date: 2020-04-21T17:15:00

Current Package Version: 2.0.9.Final

Remediation Upgrade Recommendation: 2.2.36.Final

Link To SCA

Reference – NVD link

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 1 month ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.

SamHeadrickCx / JavaVulnerableLab-1

CX: CVE-2020-1757 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab-1.refs/heads/master #20