Описание
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.5 (включая)
cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0887
Низкий
7.8 High
CVSS2
Дефекты
CWE-399
Связанные уязвимости
EPSS
Процентиль: 92%
0.0887
Низкий
7.8 High
CVSS2
Дефекты
CWE-399