Description
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2305 Vulnerability (CVE-2021-2305)
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)
WordPress Plugin Easy Google Map Cross-Site Scripting (1.1.4)
Drupal Core Security Bypass (8.0.0 - 9.1.15)
WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)