High severity · NVD Advisory · Published Apr 21, 2020 · Updated Aug 4, 2024
CVE-2020-1757
Description
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container normalizes servletPath incorrectly by truncating the path after a semicolon, which may lead to an application mapping that results in a security bypass.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.undertow:undertow-core (Maven) | < 2.1.0 | 2.1.0 |
References
- github.com/advisories/GHSA-2w73-fqqj-c92p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-1757 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)