Known Vulnerabilities for Tapestry by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Tapestry" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-46366 | ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code executio... | 9.8 - CRITICAL | 2022-12-02 | 2023-11-07 |
| CVE-2022-31781 | Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Conte... | 7.5 - HIGH | 2022-07-13 | 2023-08-02 |
| CVE-2021-30638 | Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside W... | 7.5 - HIGH | 2021-04-27 | 2022-10-27 |
| CVE-2021-27850 | A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected... | 9.8 - CRITICAL | 2021-04-15 | 2021-06-02 |
| CVE-2020-17531 | A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" par... | 9.8 - CRITICAL | 2020-12-08 | 2023-11-07 |
| CVE-2020-13953 | In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of t... | 5.3 - MEDIUM | 2020-09-30 | 2023-11-07 |
| CVE-2019-10071 | The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel f... | 9.8 - CRITICAL | 2019-09-16 | 2023-11-07 |
| CVE-2019-0207 | Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which ... | 7.5 - HIGH | 2019-09-16 | 2023-11-07 |
| CVE-2019-0195 | Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloa... | 9.8 - CRITICAL | 2019-09-16 | 2023-11-07 |
| CVE-2014-1972 | Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, w... | 7.8 - HIGH | 2015-08-22 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Tapestry | 5.6.1 | | | |
| Application | Apache | Tapestry | 5.6.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.5.0 | | | |
| Application | Apache | Tapestry | 5.4.5 | | | |
| Application | Apache | Tapestry | 5.4.4 | | | |
| Application | Apache | Tapestry | 5.4.3 | | | |