VDB
DEBIAN-CVE-2020-1757
DEBIAN-CVE-2020-1757
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | undertow | 0, 1.3.11-1, 1.3.16-1 |
Timeline
- Apr 21, 2020 CVE Published
- Apr 28, 2026 CVE Updated