CVE-2022-45143

Published: 03 Jan 2023
Source: ubuntu
Priority: medium
CVSS3: 7.5

Description

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| esm-apps/bionic | not-affected | code not present |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | code not present |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | released | 8.5.84 |
| xenial | ignored | end of standard support |


| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 9.0.70-1ubuntu1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | 9.0.70-1ubuntu1 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needed | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | not-affected | 9.0.70-1ubuntu1 |


7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
redhat
almost 3 years ago

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

CVSS3: 7.5
nvd
almost 3 years ago

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

CVSS3: 7.5
debian
almost 3 years ago

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...

suse-cvrf
more than 2 years ago

Security update for tomcat

CVSS3: 7.5
github
almost 3 years ago

Apache Tomcat improperly escapes input from JsonErrorReportValve
