Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Apache Tapestry Security Vulnerabilities

cve
cve

CVE-2022-46366

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no.....

9.8CVSS

9.5AI Score

0.071EPSS

2022-12-02 02:15 PM
49
cve
cve

CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used...

7.5CVSS

7.5AI Score

0.003EPSS

2022-07-13 08:15 AM
64
4
cve
cve

CVE-2021-30638

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to...

7.5CVSS

6.1AI Score

0.007EPSS

2021-04-27 07:15 PM
57
6
cve
cve

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

9.8CVSS

9.6AI Score

0.974EPSS

2021-04-15 08:15 AM
83
In Wild
23
cve
cve

CVE-2020-17531

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...

9.8CVSS

9.3AI Score

0.008EPSS

2020-12-08 01:15 PM
58
1
cve
cve

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The...

9.8CVSS

9.6AI Score

0.078EPSS

2019-09-16 06:15 PM
130
cve
cve

CVE-2019-0207

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter -> AssetDispatcher -> ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows...

7.5CVSS

7.4AI Score

0.002EPSS

2019-09-16 05:15 PM
80