BIT-tomcat-2022-45143

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2022-45143.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-tomcat-2022-45143
Aliases
Published
2024-03-06T11:09:02.789Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:8.5.83:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / tomcat

Package

Name
tomcat
Purl
pkg:bitnami/tomcat

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
9.0.40
Fixed
9.0.69
Introduced
8.5.83
Fixed
8.5.84
Introduced
10.1.1
Fixed
10.1.2