Tapestry
CVE-2022-31781
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 18 maven packages depend on org.apache.tapestry:tapestry-core (17 direct, 1 indirect)
Ecosystem-wide dependent count for version 5.8.2.
DescriptionNVD
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
AnalysisAI
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1333. Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor. Affected products include: Apache Tapestry. Version information: version 5.8.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. Rated c
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. Rated critical severity
A Java Serialization vulnerability was found in Apache Tapestry 4. Rated critical severity (CVSS 9.8), this vulnerabilit
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side chan
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it do
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an obje
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files ins
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, w
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today