GHSA-c438-8cvq-pxxx

Source

https://github.com/advisories/GHSA-c438-8cvq-pxxx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c438-8cvq-pxxx/GHSA-c438-8cvq-pxxx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c438-8cvq-pxxx

Aliases

CVE-2014-1972

Published

2022-05-13T01:26:11Z

Modified

2024-12-08T05:32:24.725962Z

Summary

Apache Tapestry Unsafe Object Storage

Details

Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.

Database specific

{
    "nvd_published_at": "2015-08-22T23:59:00Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-07T20:22:29Z"
}

References

Affected packages

Maven / org.apache.tapestry:tapestry-core

Package

Name: org.apache.tapestry:tapestry-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tapestry/tapestry-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.6

Affected versions

5.*

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.9

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.19

5.1.0.0

5.1.0.1

5.1.0.2

5.1.0.3

5.1.0.4

5.1.0.5

5.2.0

5.2.1

5.2.2

5.2.4

5.2.5

5.2.6

5.3

5.3.0

5.3.1

5.3.2

5.3.3-rc-1

5.3.3

5.3.4

5.3.5