Yugandher reddy vonteddu created TOMEE-4176:
-----------------------------------------------
Summary: CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection on TomEE's tomcat-websocket.jar
Key: TOMEE-4176
URL: https://issues.apache.org/jira/browse/TOMEE-4176
Project: TomEE
Issue Type: Bug
Reporter: Yugandher reddy vonteddu
More details at: https://nvd.nist.gov/vuln/detail/CVE-2022-45143
h2. CVE-2022-45143 Detail
h3. Description
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and
10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In
some circumstances these are constructed from user-provided data and it was
therefore possible for users to supply values that invalidated or manipulated
the JSON output.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
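An added example (not Tomcat's or TomEE's code) modelling the class of defect the description names: an error report assembled by pasting a request-derived value into a JSON template, beside the hardened form that lets the JSON library do the quoting, plus the check a defender can run on the produced output. The field names, status code and sample values are constructed for illustration.

```python
import json

# Constructed sample values standing in for request-derived text that ends
# up in the "message" field. The first breaks the document, the second keeps
# it parseable but adds fields the server never intended to emit.
BREAKING_MESSAGE = 'Not Found: /api/"x'
MANIPULATING_MESSAGE = 'ok", "status": 200, "injected": "yes'

EXPECTED_KEYS = {"type", "message", "description"}


def build_report_unescaped(status, message):
    """Models the defect: values are interpolated into a JSON template verbatim,
    so a quote inside `message` ends the string early."""
    return ('{"type": "status", "message": "' + message
            + '", "description": "HTTP ' + str(status) + '"}')


def build_report_escaped(status, message):
    """Hardened form: build the structure and let the JSON encoder quote and
    escape every string value."""
    return json.dumps({
        "type": "status",
        "message": message,
        "description": "HTTP " + str(status),
    })


def report_preserves_fields(report, expected_message):
    """Acceptance check for an error-report body: it must parse as JSON, carry
    exactly the expected keys, and return the message text unchanged."""
    try:
        doc = json.loads(report)
    except json.JSONDecodeError:
        return False
    if not isinstance(doc, dict) or set(doc) != EXPECTED_KEYS:
        return False
    return doc["message"] == expected_message


if __name__ == "__main__":
    for sample in (BREAKING_MESSAGE, MANIPULATING_MESSAGE):
        for name, builder in (("unescaped", build_report_unescaped),
                              ("escaped", build_report_escaped)):
            body = builder(404, sample)
            print(name, "ok" if report_preserves_fields(body, sample) else "FAIL", body)
```

Run the block to see the unescaped template fail both checks (one body is not JSON at all, the other parses with two extra keys) while the encoder-built body round-trips both samples.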