CVE-2014-1972
Apache Tapestry prior to 5.3.6 is vulnerable due to storing objects on the client side without verifying client modifications, enabling denial of service or arbitrary code execution via crafted serialized data. Affected: Apache Tapestry versions up to 5.3.5 (and 5.3.x prior to 5.3.6). Root cause:...