{"id":"CVE-2020-1757","details":"A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.","aliases":["GHSA-2w73-fqqj-c92p"],"modified":"2026-05-15T12:03:44.701158705Z","published":"2020-04-21T17:15:12.957Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:jboss_data_grid","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0.0"}]},{"cpes":["cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0.0"}],"source":"CPE_FIELD","vendor_product":"redhat:jboss_enterprise_application_platform"},{"cpes":["cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"6.0.0"},{"last_affected":"7.0.0"}],"source":"CPE_FIELD","vendor_product":"redhat:jboss_fuse"},{"cpes":["cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","vendor_product":"redhat:single_sign-on"},{"cpes":["cpe:2.3:a:redhat:undertow:2.0.0:sp1:*:*:*:*:*:*","cpe:2.3:a:redhat:undertow:2.0.25:sp1:*:*:*:*:*:*","cpe:2.3:a:redhat:undertow:2.0.26:sp3:*:*:*:*:*:*","cpe:2.3:a:redhat:undertow:2.0.28:sp1:*:*:*:*:*:*","cpe:2.3:a:redhat:undertow:2.0.28:sp2:*:*:*:*:*:*"],"vendor_product":"redhat:undertow","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.0.0-sp1"},{"last_affected":"2.0.25-sp1"},{"last_affected":"2.0.26-sp3"},{"last_affected":"2.0.28-sp1"},{"last_affected":"2.0.28-sp2"}]}]},"references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}