Product
Apache Tapestry
10 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-46366
CVE-2022-31781
CVE-2021-30638
CVE-2021-27850
CVE-2020-17531
CVE-2020-13953
CVE-2019-10071
CVE-2019-0207
CVE-2019-0195
CVE-2014-1972
>= 3.0.0 and < 4.0.0
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but disti
< 5.8.2
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Ty
>= 5.4.0 and < 5.6.4
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-IN
>= 5.4.0 and < 5.6.2
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected vers
>= 4.0.0 and < 5.0.1
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" paramete
>= 5.4.0 and < 5.6.4
In Apache Tapestry from 5.4.0 to 5.5.0, by crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WA
>= 5.4.0 and <= 5.4.3
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for th
>= 5.4.0 and <= 5.4.4
Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't
>= 5.4.0 and <= 5.4.3
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded.
<= 5.3.5
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which