2 matches found
Deserialization of untrusted data
UNSUPPORTED WHEN ASSIGNED Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the also unsupported 4.x version line. NOTE: This vulnerability only affects Apache Tapestry versi...
PT-2022-27841 · Apache · Apache Tapestry
Name of the Vulnerable Software and Affected Versions: Apache Tapestry versions 3.x Description: The issue allows deserialization of untrusted data, leading to remote code execution. This problem is similar to but distinct from an issue affecting the 4.x version line. The affected version line,...