← back
CVE-2020-27219

CVE-2020-27219

EPSS 0.8%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Jan 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.
Affected products
The Eclipse Foundation · Eclipse Hawkbit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=570289https://github.com/eclipse/hawkbit/issues/1067