Lucene search
GoogleOSV:GHSA-GHM8-MMX7-XVG2HistoryMar 18, 2022 - 5:53 p.m.
Information Exposure in Apache Tapestry
2022-03-1817:53:58
Google
osv.dev
13
0.007 Low
EPSS
Percentile
79.7%
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.
References
www.openwall.com/lists/oss-security/2021/04/27/3
lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-30638
security.netapp.com/advisory/ntap-20210528-0004
www.zerodayinitiative.com/advisories/ZDI-21-491
Related
veracode
veracode
Information Disclosure
2021-04-28 06:39:37
Information Disclosure
2020-10-01 06:38:32
cve
cve
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
openvas
openvas
github
github
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
Improper file downloads in Apache Tapestry
2022-02-10 20:35:42
prion
prion
Information disclosure
2021-04-27 19:15:00
Code injection
2020-09-30 18:15:00
osv
osv
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
Improper file downloads in Apache Tapestry
2022-02-10 20:35:42
nvd
nvd
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
cvelist
cvelist
CVE-2021-30638 An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later
2021-04-27 18:30:15
CVE-2020-13953
2020-09-30 16:51:59
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Apache Tapestry Information Disclosure (CVE-2021-30638)
2021-06-01 00:00:00
Apache Tapestry Information Disclosure (CVE-2020-13953)
2020-12-22 00:00:00