CVE-2020-27219: Cross-site Scripting

January 14, 2021 (updated January 21, 2021)

In all version of Eclipse Hawkbit M7, the HTTP (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=570289
nvd.nist.gov/vuln/detail/CVE-2020-27219

Code Behaviors & Features

Detect and mitigate CVE-2020-27219 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →