CVSSv3 9.8

CVE-2020-17531

Published: 08/12/2020 Updated: 03/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.


Vulnerable Product

apache tapestry

Github Repositories

CVE-2020-17531 A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5

CVE-2022-46366 ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer.

CVE-2020-1753 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android