[
https://issues.apache.org/jira/browse/TOMEE-4176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yugandher reddy vonteddu updated TOMEE-4176:
--------------------------------------------
Affects Version/s: 8.0.13
> CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection on TomEE's
> tomcat-websocket.jar
> ---------------------------------------------------------------------------------------------
>
> Key: TOMEE-4176
> URL: https://issues.apache.org/jira/browse/TOMEE-4176
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 8.0.13
> Reporter: Yugandher reddy vonteddu
> Priority: Major
> Labels: CVE
>
>
> More details on: [https://nvd.nist.gov/vuln/detail/CVE-2022-45143]
> h2. CVE-2022-45143 Detail
> h3. Description
> The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and
> 10.1.0-M1 to 10.1.1 did not escape the type, message or description values.
> In some circumstances these are constructed from user provided data and it
> was therefore possible for users to supply values that invalidated or
> manipulated the JSON output.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)