BIT-tomcat-2022-45143

Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2022-45143.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-tomcat-2022-45143
Aliases
Published
2024-03-06T11:09:02.789Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user-provided data, and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

References

Affected packages

Bitnami / tomcat

Package

Name
tomcat
Purl
pkg:bitnami/tomcat

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected ranges

Type
SEMVER
Events
  • Introduced 9.0.40, Fixed 9.0.69
Type
SEMVER
Events
  • Introduced 8.5.83, Last affected 8.5.83
  • Introduced 10.1.0-milestone1, Last affected 10.1.0-milestone1
  • Introduced 10.1.0-milestone10, Last affected 10.1.0-milestone10
  • Introduced 10.1.0-milestone11, Last affected 10.1.0-milestone11
  • Introduced 10.1.0-milestone12, Last affected 10.1.0-milestone12
  • Introduced 10.1.0-milestone13, Last affected 10.1.0-milestone13
  • Introduced 10.1.0-milestone14, Last affected 10.1.0-milestone14
  • Introduced 10.1.0-milestone15, Last affected 10.1.0-milestone15
  • Introduced 10.1.0-milestone16, Last affected 10.1.0-milestone16
  • Introduced 10.1.0-milestone17, Last affected 10.1.0-milestone17
  • Introduced 10.1.0-milestone2, Last affected 10.1.0-milestone2
  • Introduced 10.1.0-milestone3, Last affected 10.1.0-milestone3
  • Introduced 10.1.0-milestone4, Last affected 10.1.0-milestone4
  • Introduced 10.1.0-milestone5, Last affected 10.1.0-milestone5
  • Introduced 10.1.0-milestone6, Last affected 10.1.0-milestone6
  • Introduced 10.1.0-milestone7, Last affected 10.1.0-milestone7
  • Introduced 10.1.0-milestone8, Last affected 10.1.0-milestone8
  • Introduced 10.1.0-milestone9, Last affected 10.1.0-milestone9
  • Introduced 10.1.1, Last affected 10.1.1