Lucene search
Veracode Vulnerability DatabaseVERACODE:30190HistoryApr 28, 2021 - 6:39 a.m.
Information Disclosure
2021-04-2806:39:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.007 Low
EPSS
Percentile
79.7%
tapestry-core is vulnerable to information disclosure. Mishandling of URL allows an attacker to use malicious URL to list and download the JAVA webapp files from WEB-INF of the WAR being run. This CVE exists due to an incomplete fix for CVE-2020-13953.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tapestry-core | le | 5.7.1 | |
| tapestry-core | le | 5.6.3 | |
| tapestry-core | le | 5.7.1 | |
| tapestry-core | le | 5.6.3 |
Related
osv
osv
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
cve
cve
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
openvas
openvas
github
github
Information Exposure in Apache Tapestry
2022-03-18 17:53:58
Improper file downloads in Apache Tapestry
2022-02-10 20:35:42
prion
prion
Information disclosure
2021-04-27 19:15:00
Code injection
2020-09-30 18:15:00
nvd
nvd
CVE-2021-30638
2021-04-27 19:15:07
CVE-2020-13953
2020-09-30 18:15:21
cvelist
cvelist
CVE-2021-30638 An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later
2021-04-27 18:30:15
CVE-2020-13953
2020-09-30 16:51:59
checkpoint_advisories
checkpoint_advisories
Apache Tapestry Information Disclosure (CVE-2021-30638)
2021-06-01 00:00:00
Apache Tapestry Information Disclosure (CVE-2020-13953)
2020-12-22 00:00:00
zdi
zdi
veracode
veracode
Information Disclosure
2020-10-01 06:38:32