CVE-2022-46366

CVSS v3.1 9.8 (Critical)
EPSS 5.02% (93rd)
Affected Products 1
Advisories 1
NVD Status Modified

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.

Weaknesses
CWE-502: Deserialization of Untrusted Data
CVE Status: PUBLISHED
NVD Status: Modified
CNA: Apache Software Foundation
Published Date: 2022-12-02 14:15:10 (21 months ago)
Updated Date: 2024-08-03 15:15:36 (6 weeks ago)

Affected Products

Configuration #1

Product: Apache Tapestry (from version 3.0.0, prior to version 4.0.0)
CPE23: cpe:2.3:a:apache:tapestry
From: >= 3.0.0
Up To: < 4.0.0