15 matches found
at.porscheinformatik.tapestry:tapestry-csrf-protection (>=2.0.0.RELEASE <=3.0.1.RELEASE), br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0) +133 more potentially affected by CVE-2022-31781 via org.apache.tapestry:tapestry-core (>=5.0.10 <=5.8.1)
org.apache.tapestry:tapestry-core MAVEN version =5.0.10, =2.0.0.RELEASE, =1.0.1, =0.9.11, =0.9.13, =1.0.4, =0.1.1, =0.8.6, =0.8.6, =0.9, =1.3, =3.0, =0.8.9, =1.3, =0.8.9, =0.9-obsolete and more Source cves: CVE-2022-31781 Source advisory: OSV:GHSA-227G-7CVV-6FF3...
com.nhl.bootique.tapestry:bootique-tapestry (=0.1), de.julielab:julie-elastic-query-components (=1.0.3) +27 more potentially affected by CVE-2019-0195 via org.apache.tapestry:tapestry-core (>=5.4.0 <=5.4.4)
org.apache.tapestry:tapestry-core MAVEN version =5.4.0, =0.2, =1.2.0, =1.1.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.4 and more Source cves: CVE-2019-0195 Source advisory: OSV:GHSA-6MWH-FW4P-75FJ...
br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0), com.adaptrex:adaptrex-core (>=0.9.11 <=1.0-Alpha3) +74 more potentially affected by CVE-2014-1972 via org.apache.tapestry:tapestry-core (>=5.0.10 <=5.3.5)
org.apache.tapestry:tapestry-core MAVEN version =5.0.10, =1.0.1, =0.9.11, =1.0.4, =0.1.1, =0.8.6, =0.8.6, =0.9, =0.8.9, =0.8.9, =0.3, =3.0.2, =0.9, =3.0.1, =3.2.1 - com.jexbox.connector:jexbox-tapestry =0.0.1 - com.joshcanfield:tapestry-monitoring =1.0.1 and more Source cves: CVE-2014-1972 Source...
at.porscheinformatik.tapestry:tapestry-csrf-protection (=3.0.0.RELEASE), net.wicp.tams:tams-component (=1.2.7) +10 more potentially affected by CVE-2021-30638 via org.apache.tapestry:tapestry-core (>=5.7.0 <=5.7.1)
org.apache.tapestry:tapestry-core MAVEN version =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.1 Source cves: CVE-2021-30638 Source advisory: OSV:GHSA-GHM8-MMX7-XVG2...
at.porscheinformatik.tapestry:tapestry-csrf-protection (>=2.0.0.RELEASE <=2.0.1.RELEASE), com.flowlogix:flowlogix-tapestry (>=3.0 <=4.0.2) +36 more potentially affected by CVE-2021-30638 via org.apache.tapestry:tapestry-core (>=5.4.0 <=5.6.3)
org.apache.tapestry:tapestry-core MAVEN version =5.4.0, =2.0.0.RELEASE, =3.0, =3.0, =3.0, =1.2.0, =0.2, =1.1, =1.2.0, =1.1.0, =5.4.0, =5.6.3 and more Source cves: CVE-2021-30638 Source advisory: OSV:GHSA-GHM8-MMX7-XVG2...
com.nhl.bootique.tapestry:bootique-tapestry (=0.1), de.julielab:julie-elastic-query-components (=1.0.3) +31 more potentially affected by CVE-2020-13953 via org.apache.tapestry:tapestry-core (>=5.4.0 <=5.5.0)
org.apache.tapestry:tapestry-core MAVEN version =5.4.0, =1.2.0, =0.2, =1.1, =1.2.0, =1.1.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.5.0-beta-3 and more Source cves: CVE-2020-13953 Source advisory: OSV:GHSA-W9MP-P2WP-2XF7...
at.porscheinformatik.tapestry:tapestry-csrf-protection (=3.0.0.RELEASE), org.apache.tapestry:tapestry-beanvalidator (=5.7.0) +9 more potentially affected by CVE-2021-27850 via org.apache.tapestry:tapestry-core (=5.7.0)
org.apache.tapestry:tapestry-core MAVEN version =5.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.tapestry:tapestry-core and may be impacted: - at.porscheinformatik.tapestry:tapestry-csrf-protection =3.0.0.RELEASE -...
at.porscheinformatik.tapestry:tapestry-csrf-protection (>=2.0.0.RELEASE <=2.0.1.RELEASE), com.flowlogix:flowlogix-tapestry (>=3.0 <=4.0.2) +36 more potentially affected by CVE-2021-27850 via org.apache.tapestry:tapestry-core (>=5.4.0 <=5.6.2)
org.apache.tapestry:tapestry-core MAVEN version =5.4.0, =2.0.0.RELEASE, =3.0, =3.0, =3.0, =1.2.0, =0.2, =1.1, =1.2.0, =1.1.0, =5.4.0, =5.6.2 and more Source cves: CVE-2021-27850 Source advisory: OSV:GHSA-MJ8X-CPR8-X39H...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URLs allows an attacker to use a malicious URL to list and download the Java webapp files from WEB-INF of the WAR being run. This CVE exists due to an incomplete fix for CVE-2020-13953...
Remote Code Execution
tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URLs allows an attacker to use a malicious URL to list and download the Java webapp files from WEB-INF of the WAR being run...
com.nhl.bootique.tapestry:bootique-tapestry (=0.1), de.julielab:julie-elastic-query-components (=1.0.3) +27 more potentially affected by CVE-2019-0207 via org.apache.tapestry:tapestry-core (>=5.4.0 <=5.4.4)
org.apache.tapestry:tapestry-core MAVEN version =5.4.0, =0.2, =1.2.0, =1.1.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.4 and more Source cves: CVE-2019-0207 Source advisory: OSV:GHSA-89R3-RCPJ-H7W6...
com.ganshane.lichen:lichen-creeper (>=0.5.9 <=0.5.10.2), com.ganshane.lichen:lichen-node (>=0.5.9 <=0.5.10.2) +45 more potentially affected by CVE-2019-10071 via org.apache.tapestry:tapestry-core (>=5.4-beta-22 <=5.4.4)
org.apache.tapestry:tapestry-core MAVEN version =5.4-beta-22, =0.5.9, =0.5.9, =0.5.9, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.92-RELEASE, =0.98 - de.julielab:julie-elastic-query-components =1.0.3 - de.julielab:julielab-elastic-query-components =1.2.0 -...
Remote Code Execution
tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...
Information Disclosure
tapestry-core is vulnerable to information disclosure. The vulnerability exists due to the insecure usage of .equals for comparing hashes, allowing attackers to determine the correct signature for the payload...