Vulnerabilities > Apache > Tapestry > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-02 CVE-2022-46366 Unspecified vulnerability in Apache Tapestry
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution.
network
low complexity
apache
critical
9.8
2021-04-15 CVE-2021-27850 Deserialization of Untrusted Data vulnerability in Apache Tapestry
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry.
network
low complexity
apache CWE-502
critical
9.8
2020-12-08 CVE-2020-17531 Unspecified vulnerability in Apache Tapestry
A Java Serialization vulnerability was found in Apache Tapestry 4.
network
low complexity
apache
critical
9.8
2019-09-16 CVE-2019-10071 Information Exposure Through Discrepancy vulnerability in Apache Tapestry 5.4.0
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures.
network
low complexity
apache CWE-203
critical
9.8
2019-09-16 CVE-2019-0195 Deserialization of Untrusted Data vulnerability in Apache Tapestry 5.4.0
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded.
network
low complexity
apache CWE-502
critical
9.8