CVE-2020-1757
Improper Input Validation in Undertow
Severity: 8.1 HIGH (CVSS 3.1)
EPSS: 0.46%
Description
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container normalizes servletPath incorrectly by truncating the path after a semicolon. The truncated path may be matched against the wrong application mapping, resulting in a security bypass.
How to fix CVE-2020-1757
To remediate CVE-2020-1757, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 2.1.0-1 or later
- upgrade to 2.1.0 or later
Is CVE-2020-1757 being exploited?
Low. EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- all versions from 0 up to, but not including, 2.1.0-1
- all versions from 0 up to, but not including, 2.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.1) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |