Lucene search
GoogleOSV:CVE-2021-30638HistoryApr 27, 2021 - 7:15 p.m.
CVE-2021-30638
2021-04-2719:15:07
Google
osv.dev
4
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tapestry-5 | eq | 5.7.1 | |
| tapestry-5 | eq | 5.7.0 |
Related
veracode
veracode
Information Disclosure
2021-04-28 06:39:37
Information Disclosure
2020-10-01 06:38:32
cve
cve
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
openvas
openvas
github
github
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
Improper file downloads in Apache Tapestry
2022-02-10 20:35:42
osv
osv
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
CVE-2020-13953
2020-09-30 18:15:21
Improper file downloads in Apache Tapestry
2022-02-10 20:35:42
prion
prion
Information disclosure
2021-04-27 19:15:00
Code injection
2020-09-30 18:15:00
nvd
nvd
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
cvelist
cvelist
CVE-2021-30638 An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later
2021-04-27 18:30:15
CVE-2020-13953
2020-09-30 16:51:59
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Apache Tapestry Information Disclosure (CVE-2021-30638)
2021-06-01 00:00:00
Apache Tapestry Information Disclosure (CVE-2020-13953)
2020-12-22 00:00:00