Vulnerability Monitor

CVE-2022-45143


The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user-provided data, and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.


Published: 2023-01-03T19:15:10.403

Last Modified: 2024-11-21T07:28:50.497

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-116
  • Type: Secondary
    CWE-116

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | tomcat | < 9.0.69 | Yes |
| Application | apache | tomcat | 8.5.83 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.0 | Yes |
| Application | apache | tomcat | 10.1.1 | Yes |