Description
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Applications 6 | Tapestry | Not affected | | |
| Migration Toolkit for Runtimes | Tapestry | Not affected | | |
| Red Hat Decision Manager 7 | Tapestry | Not affected | | |
| Red Hat Fuse 7 | Tapestry | Not affected | | |
| Red Hat JBoss Data Grid 7 | Tapestry | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 7 | Tapestry | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | Tapestry | Not affected | | |
| Red Hat Process Automation 7 | Tapestry | Not affected | | |
| Red Hat Single Sign-On 7 | Tapestry | Not affected | | |
Additional information
Status:
7.6 High
CVSS3
Related vulnerabilities
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
Apache Tapestry allows deserialization of untrusted data
7.6 High
CVSS3