Description
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=570289
https://github.com/eclipse/hawkbit/issues/1067
Related Vulnerabilities
CVE-2019-12404 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2014-0229 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs
CVE-2017-12621 Vulnerability in maven package commons-jelly:commons-jelly
CVE-2023-30525 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2019-10295 Vulnerability in maven package org.jenkins-ci.plugins:crittercism-dsym