Improper Input Validation in Undertow

GHSA-2w73-fqqj-c92p · CVE-2020-1757

Published May 24, 2022 · Modified Nov 8, 2023

Description

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-1757
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes