Apache Tapestry prior to 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote malicious users to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tapestry |