pkg:maven/org.apache.tapestry/tapestry-core
Type
maven
Namespace
org.apache.tapestry
Name
tapestry-core
Known advisories, vulnerabilities and fixes for org.apache.tapestry/tapestry-core package.
Critical
4
High
4
Moderate
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 5.8.2 |
CVE-2022-31781
|
MAVEN:GHSA-227G-7CVV-6FF3 | Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking | high |
2022-07-14T00:00:23
(2 years ago) |
|
Fixed | = 5.8.2 |
CVE-2022-31781
|
MAVEN:GHSA-227G-7CVV-6FF3 | Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking | high |
2022-07-14T00:00:23
(2 years ago) |
|
Affected | >= 5.4.0, < 5.4.5 |
CVE-2019-0195
|
MAVEN:GHSA-6MWH-FW4P-75FJ | Deserialization of Untrusted Data in Apache Tapestry | critical |
2022-05-24T22:00:35
(2 years ago) |
|
Fixed | = 5.4.5 |
CVE-2019-0195
|
MAVEN:GHSA-6MWH-FW4P-75FJ | Deserialization of Untrusted Data in Apache Tapestry | critical |
2022-05-24T22:00:35
(2 years ago) |
|
Affected | >= 5.4.0, < 5.4.5 |
CVE-2019-0207
|
MAVEN:GHSA-89R3-RCPJ-H7W6 | Path traversal attack on Windows platforms | high |
2019-11-18T17:19:03
(4 years ago) |
|
Fixed | = 5.4.5 |
CVE-2019-0207
|
MAVEN:GHSA-89R3-RCPJ-H7W6 | Path traversal attack on Windows platforms | high |
2019-11-18T17:19:03
(4 years ago) |
|
Affected | < 5.3.6 |
CVE-2014-1972
|
MAVEN:GHSA-C438-8CVQ-PXXX | Apache Tapestry Unsafe Object Storage | high |
2022-05-13T01:26:11
(2 years ago) |
|
Fixed | = 5.3.6 |
CVE-2014-1972
|
MAVEN:GHSA-C438-8CVQ-PXXX | Apache Tapestry Unsafe Object Storage | high |
2022-05-13T01:26:11
(2 years ago) |
|
Affected | >= 5.4, < 5.4.5 |
CVE-2019-10071
|
MAVEN:GHSA-FGMR-VX7C-5WJ6 | Timing attack on HMAC signature comparison in Apache Tapestry | critical |
2019-09-26T21:30:34
(5 years ago) |
|
Fixed | = 5.4.5 |
CVE-2019-10071
|
MAVEN:GHSA-FGMR-VX7C-5WJ6 | Timing attack on HMAC signature comparison in Apache Tapestry | critical |
2019-09-26T21:30:34
(5 years ago) |
|
Affected | >= 5.7.0, < 5.7.2 >= 5.4.0, < 5.6.4 |
CVE-2021-30638
|
MAVEN:GHSA-GHM8-MMX7-XVG2 | Information Exposure in Apache Tapestry | high |
2022-03-18T17:53:58
(2 years ago) |
|
Fixed | = 5.7.2 = 5.6.4 |
CVE-2021-30638
|
MAVEN:GHSA-GHM8-MMX7-XVG2 | Information Exposure in Apache Tapestry | high |
2022-03-18T17:53:58
(2 years ago) |
|
Affected | >= 5.7.0, < 5.7.1 >= 5.4.0, < 5.6.3 |
CVE-2021-27850
|
MAVEN:GHSA-MJ8X-CPR8-X39H | Remote code execution in Apache Tapestry | critical |
2021-06-16T17:33:19
(3 years ago) |
|
Fixed | = 5.7.1 = 5.6.3 |
CVE-2021-27850
|
MAVEN:GHSA-MJ8X-CPR8-X39H | Remote code execution in Apache Tapestry | critical |
2021-06-16T17:33:19
(3 years ago) |
|
Affected | >= 3.0, < 4.0 |
CVE-2022-46366
|
MAVEN:GHSA-VC39-X7W6-6VJ7 | Apache Tapestry allows deserialization of untrusted data | critical |
2022-12-02T15:30:26
(21 months ago) |
|
Fixed | = 5.0.1 |
CVE-2022-46366
|
MAVEN:GHSA-VC39-X7W6-6VJ7 | Apache Tapestry allows deserialization of untrusted data | critical |
2022-12-02T15:30:26
(21 months ago) |
|
Affected | >= 5.4.0, < 5.6.0 |
CVE-2020-13953
|
MAVEN:GHSA-W9MP-P2WP-2XF7 | Improper file downloads in Apache Tapestry | moderate |
2022-02-10T20:35:42
(2 years ago) |
|
Fixed | = 5.6.0 |
CVE-2020-13953
|
MAVEN:GHSA-W9MP-P2WP-2XF7 | Improper file downloads in Apache Tapestry | moderate |
2022-02-10T20:35:42
(2 years ago) |