CVE-2020-1757 (High) detected in undertow-core-2.0.19.Final.jar #109
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2020-1757 - High Severity Vulnerability
Undertow
Path to dependency file: /spring-distributed-tracing/service-reservation/pom.xml
Path to vulnerable library: /root/.m2/repository/io/undertow/undertow-core/2.0.19.Final/undertow-core-2.0.19.Final.jar
Dependency Hierarchy:
Found in base branch: master
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Publish Date: 2020-04-21
URL: CVE-2020-1757
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1757
Release Date: 2020-04-30
Fix Resolution (io.undertow:undertow-core): 2.0.30.Final
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.1.14.RELEASE
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: