Unsafe Characters in HTTP 404 JSON Response Body in Eclipse Hawkbit REST API

CVE-2020-27219 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existent resource returns the full path from the given URL to the client unescaped.
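The reflection described above and one way to neutralise it, as an added Python example that is not Hawkbit's code or its actual fix. The `status` and `error` fields, the function names and the sample path are assumptions made for illustration; only the `path` attribute comes from the advisory.

```python
import json

# Characters that are legal inside a JSON string but become markup if a
# client or a sniffing browser ever treats the body as HTML.
UNSAFE_ESCAPES = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027"}

# Constructed sample: a path to a resource that does not exist.
SAMPLE_PATH = "/api/<b>missing</b>&x='1'"


def not_found_body_raw(path):
    """'Before' form: the request path is reflected into the body as-is."""
    return json.dumps({"status": 404, "error": "Not Found", "path": path})


def not_found_body_safe(path):
    """Hardened form: same JSON value, unsafe characters written as \\uXXXX.

    None of these characters occurs in JSON syntax or in a JSON escape
    sequence, so replacing them in the serialized text cannot change the
    parsed value; a JSON parser still returns the original path.
    """
    body = not_found_body_raw(path)
    for char, escape in UNSAFE_ESCAPES.items():
        body = body.replace(char, escape)
    return body


def reflects_unsafe(body):
    """Regression check: True if a response body carries raw unsafe characters."""
    return any(char in body for char in UNSAFE_ESCAPES)


if __name__ == "__main__":
    for build in (not_found_body_raw, not_found_body_safe):
        body = build(SAMPLE_PATH)
        print(build.__name__, "unsafe" if reflects_unsafe(body) else "clean", body)
```

`reflects_unsafe` can be pointed at the body of a real 404 response in an API test suite to confirm that an upgraded deployment no longer echoes such characters.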
