Moderate severityNVD Advisory· Published Feb 23, 2021· Updated Aug 4, 2024

CVE-2020-13697

Description

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.nanohttpd:nanohttpd-nanoletsMaven	<= 2.3.1	—

Affected products

NanoHTTPD/NanoHTTPDdescription
ghsa-coords
pkg:maven/org.nanohttpd/nanohttpd-nanolets
Range: <= 2.3.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-pr5m-4w22-8483ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-13697ghsaADVISORY
github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/nanolets/pom.xmlghsaWEB
github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/nanolets/src/main/java/org/nanohttpd/router/RouterNanoHTTPD.javaghsaWEB
www.vdoo.com/advisoriesmitrex_refsource_MISC
www.vdoo.com/advisories/ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000