CVE-2020-27219
Cross-site Scripting in Eclipse Hawkbit
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 0.32%
Description
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a nonexistent resource will return the full path from the given URL, unescaped, to the client.
How to fix CVE-2020-27219
To remediate CVE-2020-27219, upgrade the affected package to a fixed version listed below.
- Upgrade to 0.3.0M7 or later
Is CVE-2020-27219 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.3.0M7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |