BIT-tomcat-2022-45143
- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2022-45143.json
- Aliases
- Published
- 2024-03-06T11:09:02.789Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
- References
Affected packages
Bitnami / tomcat
Package
- Name
- tomcat
Affected ranges
- Type
- SEMVER
- Events
-
Introduced9.0.40Fixed9.0.69
- Type
- SEMVER
- Events
-
Introduced8.5.83Last affected8.5.83Introduced10.1.0-milestone1Last affected10.1.0-milestone1Introduced10.1.0-milestone10Last affected10.1.0-milestone10Introduced10.1.0-milestone11Last affected10.1.0-milestone11Introduced10.1.0-milestone12Last affected10.1.0-milestone12Introduced10.1.0-milestone13Last affected10.1.0-milestone13Introduced10.1.0-milestone14Last affected10.1.0-milestone14Introduced10.1.0-milestone15Last affected10.1.0-milestone15Introduced10.1.0-milestone16Last affected10.1.0-milestone16Introduced10.1.0-milestone17Last affected10.1.0-milestone17Introduced10.1.0-milestone2Last affected10.1.0-milestone2Introduced10.1.0-milestone3Last affected10.1.0-milestone3Introduced10.1.0-milestone4Last affected10.1.0-milestone4Introduced10.1.0-milestone5Last affected10.1.0-milestone5Introduced10.1.0-milestone6Last affected10.1.0-milestone6Introduced10.1.0-milestone7Last affected10.1.0-milestone7Introduced10.1.0-milestone8Last affected10.1.0-milestone8Introduced10.1.0-milestone9Last affected10.1.0-milestone9Introduced10.1.1Last affected10.1.1