Apache Tapestry - Remote Code Execution CVE-2021-27850

Severity
CVSSv3 Score
9.8
Vulnerability description

Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.

Risk description

No risk description to display.

Recommendation

Apply the latest security patches or updates provided by Apache to fix the vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Apr 15, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available