Lucene search
Veracode Vulnerability DatabaseVERACODE:30006HistoryApr 16, 2021 - 5:14 a.m.
Remote Code Execution
2021-04-1605:14:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.973 High
EPSS
Percentile
99.9%
tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the value of tapestry.hmac-passphrase configuration symbol is found. This CVE exists due to a bypass of the fix for CVE-2019-0195.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tapestry-core | eq | 5.7.0 | |
| tapestry-core | le | 5.6.2 |
Related
attackerkb
attackerkb
CVE-2021-27850
2021-04-15 00:00:00
osv
osv
Remote code execution in Apache Tapestry
2021-06-16 17:33:19
CVE-2021-27850
2021-04-15 08:15:14
CVE-2019-0195
2019-09-16 16:15:10
cvelist
cvelist
CVE-2021-27850 Bypass of the fix for CVE-2019-0195
2021-04-15 07:40:11
CVE-2019-0195
2019-09-16 15:37:37
nuclei
nuclei
Apache Tapestry - Remote Code Execution
2021-05-21 03:34:16
cve
cve
CVE-2021-27850
2021-04-15 08:15:14
CVE-2019-0195
2019-09-16 16:15:10
openvas
openvas
prion
prion
Remote code execution
2021-04-15 08:15:00
Deserialization of untrusted data
2019-09-16 16:15:00
nvd
nvd
CVE-2021-27850
2021-04-15 08:15:14
CVE-2019-0195
2019-09-16 16:15:10
github
github
Remote code execution in Apache Tapestry
2021-06-16 17:33:19
Deserialization of Untrusted Data in Apache Tapestry
2022-05-24 22:00:35
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Tapestry
2021-07-02 10:21:58
Exploit for Deserialization of Untrusted Data in Apache Tapestry
2021-06-25 13:55:41
Exploit for Deserialization of Untrusted Data in Apache Tapestry
2021-06-26 14:16:00
veracode
veracode
Remote Code Execution
2019-09-17 03:09:50
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-07-23 19:39:14