{"id":"CVE-2020-27219","details":"In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.","aliases":["GHSA-rcvx-rmvf-mxch"],"modified":"2026-04-10T04:25:35.192295Z","published":"2021-01-14T23:15:12.977Z","references":[{"type":"ADVISORY","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=570289"},{"type":"ADVISORY","url":"https://github.com/eclipse/hawkbit/issues/1067"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/hawkbit","events":[{"introduced":"0"},{"last_affected":"347fac7f009e0cefbdf0b238d1b0878b5a176e0f"},{"introduced":"0"},{"last_affected":"df23c4ef836f25b5630e86614c2a6e1944bfbd62"},{"introduced":"0"},{"last_affected":"3a5776a90d6dd4d2d498256a09aedaa14f578bed"},{"introduced":"0"},{"last_affected":"e82f348063dec9c2a08adbfb4371cdbc7abc87ba"},{"introduced":"0"},{"last_affected":"be17958f4abc4a5726d0b71d97f79274e3572384"},{"introduced":"0"},{"last_affected":"5b4bbeef41f9f0dd4ea353ff7900ef90b0c2b01b"},{"introduced":"0"},{"last_affected":"f3659f01425ad0162f92fa73357f8c507058bcb2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.2.5"},{"introduced":"0"},{"last_affected":"0.3.0-m1"},{"introduced":"0"},{"last_affected":"0.3.0-m2"},{"introduced":"0"},{"last_affected":"0.3.0-m3"},{"introduced":"0"},{"last_affected":"0.3.0-m4"},{"introduced":"0"},{"last_affected":"0.3.0-m5"},{"introduced":"0"},{"last_affected":"0.3.0-m6"}]}}],"versions":["0.2.0","0.2.0M1","0.2.0M2","0.2.0M3","0.2.0M4","0.2.0M5","0.2.0M6","0.2.0M7","0.2.0M8","0.2.0M9","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.3.0M1","0.3.0M2","0.3.0M3","0.3.0M4","0.3.0M5","0.3.0M6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27219.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}