
135 matches found

vulnersOsv
added 2026/05/12 5:22 p.m. | 6 views

br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +294 more potentially affected by CVE-2026-43515 via org.apache.tomcat:catalina (>=6.0.13 <=6.0.53)

org.apache.tomcat:catalina MAVEN version =6.0.13, =1.0.1, =1.2.1, =0.1, =7.12.0, =1.0.0, =1.0.3, =9.0.3, =9.0.3, =0.7.1, =1.5, =1.8.2, =0.9.0, =1.0.0 and more Source cves: CVE-2026-43515 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-16690891...

CVSS 9.1 | AI score 5.8 | EPSS 0.00095
Exploits: 0

Nuclei
added 2026/04/23 7:16 a.m. | 72 views

Apache Tapestry - Remote Code Execution

Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the...

CVSS 10 | AI score 8.2 | EPSS 0.94219
Exploits: 5 | References: 5

RedhatCVE
added 2026/03/27 2:23 p.m. | 9 views

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

CVSS 10 | AI score 9.8 | EPSS 0.94219
Exploits: 5 | References: 1

RedhatCVE
added 2026/01/09 10:46 a.m. | 7 views

CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...

CVSS 7.5 | AI score 6.9 | EPSS 0.00755
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0738

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01368
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3496

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.4 | EPSS 0.08822
Exploits: 1 | References: 17

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-1426

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.05311
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6199

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00755
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-1222

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.6 | EPSS 0.01797
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in tapestry.build (npm)

The package tapestry.build was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-34545 Malicious code in tapestry.build (npm)

The package tapestry.build was found to contain malicious code...

AI score 7.2
Exploits: 0

RedhatCVE
added 2025/05/22 7:39 p.m. | 3 views

CVE-2021-30638

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry 5.4.0 version to...

CVSS 7.5 | AI score 6.8 | EPSS 0.05311
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:16 p.m. | 11 views

CVE-2020-17531

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...

CVSS 9.8 | AI score 6.7 | EPSS 0.64089
Exploits: 1

RedhatCVE
added 2025/05/22 10:5 a.m. | 6 views

CVE-2019-0207

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character \, so attacker can perform a path traversal attack to read any files on Windows platform...

CVSS 7.5 | AI score 6.7 | EPSS 0.01368
Exploits: 0 | References: 1

The Hacker News
added 2024/10/20 7:23 a.m. | 19 views

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks. "In some...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2024/10/15 12:0 a.m. | 4 views

Apache Tapestry Arbitrary File Read

Apache Tapestry versions 5.4.0 5.6.2 and 5.7.0 5.7.1 allows an unauthenticated attacker to access Class files via a specially crafted request. If the value of 'tapestry.hmac-passphrase' is recovered, this vulnerability can be exploited to obtain arbitrary code execution through the value of the...

CVSS 10 | AI score 8 | EPSS 0.94219
Exploits: 5 | References: 5

Packet Storm
added 2024/08/31 12:0 a.m. | 167 views

Apache Tapestry HMAC secret key leak

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tapestry HMAC secret key leak', 'Description' = %q This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry...

CVSS 10 | AI score 7 | EPSS 0.94219
Exploits: 5

VulnCheck KEV
added 2023/12/03 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

CVSS 10 | AI score 7.8 | EPSS 0.94219
Exploits: 5 | References: 1

OSSF Malicious Packages
added 2023/09/11 8:55 p.m. | 4 views

Malicious code in @get-bridge/tapestry-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bc1d41f48feb6046e7a27f7a15290bb4b1b479f102ed0d6ebd6cdc4bc89d8210 The OpenSSF Package Analysis project identified '@get-bridge/tapestry-sdk' @ 99.99.991 npm as malicious. It is considered malicious because: - T...

AI score 7.1
Exploits: 0

RedhatCVE
added 2022/12/05 5:1 p.m. | 38 views

CVE-2022-46366

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the also unsupported 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no...

CVSS 9.8 | AI score 9.7 | EPSS 0.64089
Exploits: 1 | References: 3