Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-45143
Good to know:
Date: January 3, 2023
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. After conducting further research, Mend has determined that versions 10.0.x of org.apache.tomcat:tomcat-catalina are vulnerable to CVE-2022-45143.
Language: Java
Severity Score
Related Resources (11)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:8.5.84;org.apache.tomcat.embed:tomcat-embed-core:10.1.2;org.apache.tomcat.embed:tomcat-embed-core:9.0.69;org.apache.tomcat:tomcat-catalina:10.1.2;org.apache.tomcat:tomcat-util:8.5.84;org.apache.tomcat:tomcat-util:9.0.69
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | NONE |