GHSA-rcvx-rmvf-mxch

Published: 09 Feb 2022
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Cross-site Scripting in Eclipse Hawkbit

In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a nonexistent resource will return the full path from the given URL unescaped to the client.

Packages

Name: org.eclipse.hawkbit:hawkbit-parent
Ecosystem: maven
Affected versions: <= 0.3.0M6
Fixed version: 0.3.0M7

EPSS

Percentile: 54%
0.00317
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
about 5 years ago

In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a nonexistent resource will return the full path from the given URL unescaped to the client.
