A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Description
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Vulnerability ID: CVE-2020-1757
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 8.1
Publish Date: 2020-04-21T17:15:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.2.26.Final
Link To SCA
Reference – NVD link