CVE-2020-27218 in Blockchain Platforminfo

Zusammenfassung

von MITRE • 28.11.2020

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

19.10.2020

Veröffentlichung

28.11.2020

Moderieren

akzeptiert

Eintrag

Verknüpfen

zeigen

CPE

bereit

CWE

CWE-226 (bestätigt)

CVSS

4.8 (NVD)

EPSS

0.00599

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-27218
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-27218
CVE Details	https://www.cvedetails.com/cve/CVE-2020-27218/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!