CVE-2020-13697
CVE-2020-13697 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nanohttpd | Nanohttpd | <= 2.3.1 |
References
- https://github.com/NanoHttpd/nanohttpd (Product, Third Party Advisory)
- https://www.vdoo.com/advisories (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
