Lucene search
ApacheCVELIST:CVE-2021-30638HistoryApr 27, 2021 - 6:30 p.m.
CVE-2021-30638 An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later
2021-04-2718:30:15
CWE-200
apache
www.cve.org
1
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.
CNA Affected
[
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Apache Tapestry 5.6.4",
"status": "affected",
"version": "Apache Tapestry ",
"versionType": "custom"
},
{
"lessThan": "Apache Tapestry 5.7.2",
"status": "affected",
"version": "Apache Tapestry",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Information Disclosure
2021-04-28 06:39:37
Information Disclosure
2020-10-01 06:38:32
osv
osv
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
cve
cve
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
openvas
openvas
github
github
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
Improper file downloads in Apache Tapestry
2022-02-10 20:35:42
prion
prion
Information disclosure
2021-04-27 19:15:00
Code injection
2020-09-30 18:15:00
nvd
nvd
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
checkpoint_advisories
checkpoint_advisories
Apache Tapestry Information Disclosure (CVE-2021-30638)
2021-06-01 00:00:00
Apache Tapestry Information Disclosure (CVE-2020-13953)
2020-12-22 00:00:00
zdi
zdi
cvelist
cvelist
CVE-2020-13953
2020-09-30 16:51:59