CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...

CVE-2019-0207

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter -> AssetDispatcher -> ContextResource, which doesn't filter the character \, so attacker can perform a path traversal attack to read any files on Windows platform.

CVE-2021-30638

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apac...

CVE-2014-1972

Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.