Community
Participate
Working Groups
This is an informational CVE originally filed here: https://github.com/eclipse/hawkbit/issues/1067 ======================================= project: Eclipse hawkBit version: All versions prior 0.3.0M7 cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') summary: The HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client. Calculated score: 5.3 (Medium) => https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
I've assigned CVE-2020-27219 Pull request: https://github.com/CVEProject/cvelist/pull/520
Thanks a lot, Wayne!