pkg:Maven/org.apache.tapestry:tapestry-core

All known vulnerabilities

• CRITICAL9.8CVE-2022-46366Apache Tapestry allows deserialization of untrusted data
  >= 3.0, < 5.0.1
• CRITICAL9.8CVE-2019-0195Deserialization of Untrusted Data in Apache Tapestry
  >= 5.4.0, < 5.4.5
• CRITICAL9.8CVE-2019-10071Timing attack on HMAC signature comparison in Apache Tapestry
  >= 5.4, < 5.4.5
• HIGH7.5Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking
  from 0, < 5.8.2
• HIGH7.5Information Exposure in Apache Tapestry
  >= 5.4.0, < 5.6.4
• HIGH7.5Path traversal attack on Windows platforms
  >= 5.4.0, < 5.4.5
• MEDIUM5.3Improper file downloads in Apache Tapestry
  >= 5.4.0, < 5.6.0
• —Apache Tapestry Unsafe Object Storage
  from 0, < 5.3.6
• —Remote code execution in Apache Tapestry
  >= 5.4.0, < 5.6.3