org.apache.tapestry:tapestry-core@5.4.3 vulnerabilities
- latest version: 5.8.4
- latest non vulnerable version: -
- first published: 17 years ago
- latest version published: 2 months ago
- licenses detected: [0,)
- package manager

Direct Vulnerabilities
Known vulnerabilities in the org.apache.tapestry:tapestry-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.apache.tapestry:tapestry-core is a Tapestry Core package for Apache Tapestry. Affected versions of this package are vulnerable to Information Exposure via the context asset handling. It allows an attacker to download files inside How to fix Information Exposure? Upgrade | [5.4.0,5.6.4) [5.7.0,5.7.2) |
org.apache.tapestry:tapestry-core is a Tapestry Core package for Apache Tapestry. Affected versions of this package are vulnerable to Arbitrary Code Execution. A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. A bypass of the fix for CVE-2019-0195 exists. where the blacklist solution can simply be bypassed by appending a The slash is stripped after the blacklist check and the file How to fix Arbitrary Code Execution? Upgrade | [5.4.0,5.6.2) [5.7.0,5.7.1) |
org.apache.tapestry:tapestry-core is a Tapestry Core package for Apache Tapestry. Affected versions of this package are vulnerable to Arbitrary File Read. By crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. How to fix Arbitrary File Read? Upgrade | [5.4.0,5.6.0) |
org.apache.tapestry:tapestry-core is a Tapestry Core package for Apache Tapestry. Affected versions of this package are vulnerable to Side-channel Attack. It is possible to conduct a side channel timing attack during the comparison of HMAC signatures by package due to the usage of How to fix Side-channel Attack? Upgrade | [5.4.0,5.4.5) |
org.apache.tapestry:tapestry-core is a Tapestry Core package for Apache Tapestry. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker could guess the path to a known file in the classpath and have it downloaded. If the file has a value of the How to fix Deserialization of Untrusted Data? Upgrade | [5.4.0,5.4.5) |