GHSA-6j88-6whg-x687

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-6j88-6whg-x687/GHSA-6j88-6whg-x687.json
Aliases
  • CVE-2022-34305
Published
2022-06-24T00:00:32Z
Modified
2022-08-15T08:36:12.744209Z
Details

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.

Affected packages

Maven / org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.1.0-M1
Fixed
10.1.0-M17

Affected versions

10.*

10.1.0-M1
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M2
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8

Database specific

{
    "last_known_affected_version_range": "<= 10.1.0-M16"
}

Maven / org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0-M1
Fixed
10.0.22

Affected versions

10.*

10.0.0
10.0.0-M1
10.0.0-M10
10.0.0-M3
10.0.0-M4
10.0.0-M5
10.0.0-M6
10.0.0-M7
10.0.0-M8
10.0.0-M9
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.16
10.0.17
10.0.18
10.0.2
10.0.20
10.0.21
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8

Maven / org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.30
Fixed
9.0.65

Affected versions

9.*

9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
9.0.44
9.0.45
9.0.46
9.0.48
9.0.50
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.58
9.0.59
9.0.60
9.0.62
9.0.63
9.0.64

Maven / org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.5.50
Fixed
8.5.82

Affected versions

8.*

8.5.50
8.5.51
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.60
8.5.61
8.5.63
8.5.64
8.5.65
8.5.66
8.5.68
8.5.69
8.5.70
8.5.71
8.5.72
8.5.73
8.5.75
8.5.76
8.5.77
8.5.78
8.5.79
8.5.81