CVE-2020-27219

MEDIUM

Eclipse Hawkbit <0.3.0M7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27219. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository appears to be a documentation or writeup repository for CVE-2020-27219, focusing on Eclipse hawkBit. It contains README files, scripts for dependency management, and documentation files, but no actual exploit code or proof-of-concept.

Description

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.

Exploits (1)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/eclipse__hawkbit_CVE-2020-27219_0-3-0M6

View Code ZIP pw:eip

This repository appears to be a documentation or writeup repository for CVE-2020-27219, focusing on Eclipse hawkBit. It contains README files, scripts for dependency management, and documentation files, but no actual exploit code or proof-of-concept.

Classification

Writeup 90%

Attack Type

Other

Complexity

N/a

Reliability

N/a

Target: Eclipse hawkBit

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://bugs.eclipse.org/bugs/show_bug.cgi?id=570289

Third Party Advisory x_refsource_confirm

https://github.com/eclipse/hawkbit/issues/1067

Scores

CVSS v3 6.1

EPSS 0.0083

EPSS Percentile 52.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

eclipse/hawkbit 0.3.0 m1 (6 CPE variants)

eclipse/hawkbit < 0.2.5

org.eclipse.hawkbit/hawkbit-parent 0 - 0.3.0M7Maven

Published Jan 14, 2021

Tracked Since Feb 18, 2026