Apache Tomcat improperly escapes input from JsonErrorReportValve

GHSA-rq2w-37h9-vg94 · BIT-tomcat-2022-45143 · CVE-2022-45143

Published Jan 3, 2023 · Modified Apr 23, 2024

Description

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

References

7.5 / 10

HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Packages

Maven/org.apache.tomcat.embed:tomcat-embed-core

Fix 10.1.2, 8.5.84, 9.0.69

Introduced 10.1.0, 8.5.83, 9.0.40

25 affected versions

10.1.010.1.18.5.839.0.409.0.419.0.439.0.449.0.459.0.469.0.489.0.509.0.529.0.539.0.549.0.559.0.569.0.589.0.599.0.609.0.62 +5 more

Maven/org.apache.tomcat:tomcat-catalina

Fix 10.1.2

Introduced 10.1.0

2 affected versions

10.1.010.1.1

Maven/org.apache.tomcat:tomcat-util

Fix 8.5.84, 9.0.69

Introduced 8.5.83, 9.0.40

23 affected versions

8.5.839.0.409.0.419.0.439.0.449.0.459.0.469.0.489.0.509.0.529.0.539.0.549.0.559.0.569.0.589.0.599.0.609.0.629.0.639.0.64 +3 more

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes