{"url":"http://public2.vulnerablecode.io/api/packages/477268?format=json","purl":"pkg:maven/org.apache.tapestry/tapestry-core@5.3.2","type":"maven","namespace":"org.apache.tapestry","name":"tapestry-core","version":"5.3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.8.2","latest_non_vulnerable_version":"5.8.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207797?format=json","vulnerability_id":"VCID-6djj-2pqn-pyd7","summary":"Serialization vulnerability in Apache Tapestry","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17531","reference_id":"","reference_type":"","scores":[{"value":"0.64089","scoring_system":"epss","scoring_elements":"0.98456","published_at":"2026-06-11T12:55:00Z"},{"value":"0.64089","scoring_system":"epss","scoring_elements":"0.98461","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17531"},{"reference_url":"https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76@%3Cusers.tapestry.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76@%3Cusers.tapestry.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0007","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210115-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210115-0007/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17531","reference_id":"CVE-2020-17531","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17531"},{"reference_url":"https://github.com/advisories/GHSA-c566-2grg-mjwg","reference_id":"GHSA-c566-2grg-mjwg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c566-2grg-mjwg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/469794?format=json","purl":"pkg:maven/org.apache.tapestry/tapestry-core@5.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8321-1g61-9beh"},{"vulnerability":"VCID-dwnm-tf96-7qch"},{"vulnerability":"VCID-q4kd-krs2-zfd6"},{"vulnerability":"VCID-w1xp-16t4-qba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.1"}],"aliases":["CVE-2020-17531","GHSA-c566-2grg-mjwg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6djj-2pqn-pyd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30563?format=json","vulnerability_id":"VCID-qbvt-v5nm-tbbu","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118"},{"reference_url":"http://jvn.jp/en/jp/JVN17611367/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN17611367/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1972","reference_id":"","reference_type":"","scores":[{"value":"0.08822","scoring_system":"epss","scoring_elements":"0.92717","published_at":"2026-06-11T12:55:00Z"},{"value":"0.08822","scoring_system":"epss","scoring_elements":"0.92742","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1972"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/20","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/20"},{"reference_url":"https://github.com/apache/tapestry-5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tapestry-5"},{"reference_url":"https://github.com/apache/tapestry-5/commit/5ad5257fdfacbad2c7c480fdf2afa15d9a37e6b0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tapestry-5/commit/5ad5257fdfacbad2c7c480fdf2afa15d9a37e6b0"},{"reference_url":"https://github.com/apache/tapestry-5/commit/95846b173d83c2eb42db75dae3e7d5e13a633946","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tapestry-5/commit/95846b173d83c2eb42db75dae3e7d5e13a633946"},{"reference_url":"https://issues.apache.org/jira/browse/TAP5-2008","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/TAP5-2008"},{"reference_url":"https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"},{"reference_url":"https://tapestry.apache.org/release-notes-536.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tapestry.apache.org/release-notes-536.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/23/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/23/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1972","reference_id":"CVE-2014-1972","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1972"},{"reference_url":"https://github.com/advisories/GHSA-c438-8cvq-pxxx","reference_id":"GHSA-c438-8cvq-pxxx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c438-8cvq-pxxx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21848?format=json","purl":"pkg:maven/org.apache.tapestry/tapestry-core@5.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6djj-2pqn-pyd7"},{"vulnerability":"VCID-w1xp-16t4-qba5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.3.6"}],"aliases":["CVE-2014-1972","GHSA-c438-8cvq-pxxx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvt-v5nm-tbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211031?format=json","vulnerability_id":"VCID-w1xp-16t4-qba5","summary":"Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31781","reference_id":"","reference_type":"","scores":[{"value":"0.0095","scoring_system":"epss","scoring_elements":"0.7687","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0095","scoring_system":"epss","scoring_elements":"0.768","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31781"},{"reference_url":"https://github.com/apache/tapestry-5/commit/3c8d6103832eec3bc06029dd2532f06df717431f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tapestry-5/commit/3c8d6103832eec3bc06029dd2532f06df717431f"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/07/12/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2022/07/12/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31781","reference_id":"CVE-2022-31781","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31781"},{"reference_url":"https://github.com/advisories/GHSA-227g-7cvv-6ff3","reference_id":"GHSA-227g-7cvv-6ff3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-227g-7cvv-6ff3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25325?format=json","purl":"pkg:maven/org.apache.tapestry/tapestry-core@5.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.8.2"}],"aliases":["CVE-2022-31781","GHSA-227g-7cvv-6ff3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1xp-16t4-qba5"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.3.2"}