Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022)
Vulnerability Description
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Apache Tapestry 安全漏洞
Vulnerability Description
Apache Tapestry是美国阿帕奇(Apache)基金会的一款使用Java语言编写的Web应用程序框架。 Apache Tapestry 5.8.1之前版本存在安全漏洞,该漏洞源于在处理内容类型的方式上容易受到正则表达式拒绝服务(ReDoS)攻击。特制的内容类型可能导致灾难性的回溯,这需要指数级的时间来完成。具体来说,这是关于org.apache.tapestry5.http.ContentType类的参数上使用的正则表达式。Apache Tapestry 5.8.2对这个漏洞进行了修复。注意,该
CVSS Information
N/A
Vulnerability Type
N/A