CVE-2022-45143

Опубликовано: 03 янв. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
esm-apps/bionic	not-affected	code not present
esm-infra/focal	DNE
esm-infra/xenial	not-affected	code not present
focal	DNE
jammy	DNE
kinetic	DNE
trusty	ignored	end of standard support
upstream	released	8.5.84
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	9.0.70-1ubuntu1
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	needed
esm-apps/noble	not-affected	9.0.70-1ubuntu1
focal	ignored	end of standard support, was needs-triage
jammy	needed
kinetic	ignored	end of life, was needs-triage
lunar	not-affected	9.0.70-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 76%

0.0095

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-45143

CVSS3: 7.5

redhat

около 3 лет назад

CVE-2022-45143

CVSS3: 7.5

nvd

около 3 лет назад

CVE-2022-45143

CVSS3: 7.5

debian

около 3 лет назад

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...

SUSE-SU-2023:1853-1

suse-cvrf

почти 3 года назад

Security update for tomcat

GHSA-rq2w-37h9-vg94

CVSS3: 7.5

github

около 3 лет назад

Apache Tomcat improperly escapes input from JsonErrorReportValve

EPSS

Процентиль: 76%

0.0095

Низкий

7.5 High

CVSS3

CVE-2022-45143

Описание

Пакет tomcat8

Пакет tomcat9

Ссылки на источники

Связанные уязвимости