Published: 02/12/2022 Updated: 11/04/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tapestry

DescriptionThe MITRE CVE dictionary describes this issue as: ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3x allows deserialization of untrusted data, leading to remote code execution This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4x version line NOTE: This vulnerability only affects Apach ...

CWE-502 https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj http://www.openwall.com/lists/oss-security/2022/12/02/1 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-46366

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-46366

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect