Description
Characters in the GET url path are not properly escaped and can be reflected in the server response.
Remediation
References
https://snyk.io/vuln/SNYK-JS-IOBROKERWEB-534971
Related Vulnerabilities
CVE-2021-25122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-37616 Vulnerability in npm package xmldom
CVE-2022-36127 Vulnerability in npm package skywalking-backend-js
CVE-2020-15135 Vulnerability in npm package save-server
CVE-2010-2245 Vulnerability in maven package org.apache.wink:wink-server