Approved changes feed: RSS · Atom
cpe:2.3:a:redhat:undertow:2.0.28:sp1:*:*:*:*:*:*
part: a version: 2.0.28 update: sp1
| Vendor | Redhat (e942785a-ca89-506e-bd99-50782639cde3) |
|---|---|
| Product | Undertow (1a749da4-1b00-587f-8f9f-adaa708b233b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/libundertow-java |
purl2cpe | 2026-06-01 10:12:52.980329 |
pkg:deb/ubuntu/libundertow-java |
purl2cpe | 2026-06-01 10:12:52.980331 |
pkg:github/undertow-io/undertow |
purl2cpe | 2026-06-01 10:12:52.980332 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-1757 |
vulnerable | 2026-06-03 14:41:58.590064 |
Details available
HIGH (8.1)
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Published: 2020-04-21T15:31:14.000Z
Updated: 2024-08-04T06:46:30.881Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.