CVE-2020-1757: Improper Input Validation

April 21, 2020 (updated April 30, 2020)

A flaw was found in undertow, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
nvd.nist.gov/vuln/detail/CVE-2020-1757

Code Behaviors & Features

Detect and mitigate CVE-2020-1757 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →