TomEE / TOMEE-4176

CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection on TomEE's tomcat-websocket.jar


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 8.0.13
    • 8.0.14
    • None

    Description

       

      More details on: https://nvd.nist.gov/vuln/detail/CVE-2022-45143

      CVE-2022-45143 Detail

      Description

      The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

            People

              rzo1 Richard Zowalla
              9177012889 Yugandher reddy vonteddu