CVE-2020-1757
- Source
- https://cve.org/CVERecord?id=CVE-2020-1757
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1757.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-1757
- Aliases
- Downstream
- Published
- 2020-04-21T17:15:12.957Z
- Modified
- 2026-03-13T00:33:59.098812Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
- References
Affected packages
Git / github.com/undertow-io/undertow
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Alpha12
1.0.0.Alpha13
1.0.0.Alpha14
1.0.0.Alpha15
1.0.0.Alpha16
1.0.0.Alpha17
1.0.0.Alpha18
1.0.0.Alpha19
1.0.0.Alpha2
1.0.0.Alpha20
1.0.0.Alpha21
1.0.0.Alpha22
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.Alpha8
1.0.0.Alpha9
1.0.0.Beta1
1.0.0.Beta10
1.0.0.Beta11
1.0.0.Beta12
1.0.0.Beta13
1.0.0.Beta14
1.0.0.Beta15
1.0.0.Beta16
1.0.0.Beta17
1.0.0.Beta18
1.0.0.Beta19
1.0.0.Beta2
1.0.0.Beta20
1.0.0.Beta21
1.0.0.Beta22
1.0.0.Beta23
1.0.0.Beta24
1.0.0.Beta25
1.0.0.Beta26
1.0.0.Beta27
1.0.0.Beta28
1.0.0.Beta29
1.0.0.Beta3
1.0.0.Beta30
1.0.0.Beta31
1.0.0.Beta32
1.0.0.Beta33
1.0.0.Beta4
1.0.0.Beta5
1.0.0.Beta6
1.0.0.Beta7
1.0.0.Beta8
1.0.0.Beta9
1.0.0.CR1
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Beta3
1.1.0.Beta4
1.1.0.Beta5
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.2.0.Beta1
1.2.0.Beta10
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.CR1
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.3.0.Beta1
1.3.0.Beta10
1.3.0.Beta11
1.3.0.Beta12
1.3.0.Beta13
1.3.0.Beta2
1.3.0.Beta3
1.3.0.Beta4
1.3.0.Beta5
1.3.0.Beta6
1.3.0.Beta7
1.3.0.Beta8
1.3.0.Beta9
1.3.0.CR1
1.3.0.CR2
1.3.0.CR3
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
2.*
2.0.0.Alpha1
2.0.0.Beta1
2.0.0.Final
2.0.1.Final
2.0.10.Final
2.0.11.Final
2.0.12.Final
2.0.13.Final
2.0.14.Final
2.0.15.Final
2.0.16.Final
2.0.17.Final
2.0.2.Final
2.0.20.Final
2.0.21.Final
2.0.22.Final
2.0.23.Final
2.0.24.Final
2.0.25.Final
2.0.26.Final
2.0.27.Final
2.0.28.Final
2.0.29.Final
2.0.3.Final
2.0.4.Final
2.0.5.Final
2.0.6.Final
2.0.7.Final
2.0.8.Final
2.0.9.Final
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1757.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.0-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.25-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.26-sp3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.28-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.28-sp2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
}
]