CVE-2020-27219

Name of the Vulnerable Software and Affected Versions: Eclipse Hawkbit versions prior to 0.3.0M7

Description: The HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existing resource will return the full path from the given URL unescaped to the client.

Recommendations: For Eclipse Hawkbit versions prior to 0.3.0M7, update to version 0.3.0M7 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation. Avoid sending POST requests to non-existing resources until the issue is resolved.