CVE-2022-45143

Опубликовано: 03 янв. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
esm-apps/bionic	needs-triage
esm-infra/focal	DNE
esm-infra/xenial	needs-triage
focal	DNE
jammy	DNE
kinetic	DNE
trusty	ignored	end of standard support
upstream	needs-triage
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	9.0.70-1ubuntu1
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	not-affected	9.0.70-1ubuntu1
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	not-affected	9.0.70-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 75%

0.00933

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-45143

CVSS3: 7.5

redhat

больше 2 лет назад

CVE-2022-45143

CVSS3: 7.5

nvd

больше 2 лет назад

CVE-2022-45143

CVSS3: 7.5

debian

больше 2 лет назад

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...

SUSE-SU-2023:1853-1

suse-cvrf

около 2 лет назад

Security update for tomcat

GHSA-rq2w-37h9-vg94

CVSS3: 7.5

github

больше 2 лет назад

Apache Tomcat improperly escapes input from JsonErrorReportValve

EPSS

Процентиль: 75%

0.00933

Низкий

7.5 High

CVSS3

CVE-2022-45143

Описание

Пакет tomcat8

Пакет tomcat9

Ссылки на источники

Связанные уязвимости