VDB

DEBIAN-CVE-2020-1757

DEBIAN-CVE-2020-1757 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Debian:14undertow0, 1.3.11-1, 1.3.16-1

Timeline

  • Apr 21, 2020 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›