Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
Type maven
Namespace org.apache.tapestry
Name tapestry-core
Version 5.4.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.6.4
Latest_non_vulnerable_version 5.8.2
Affected_by_vulnerabilities
0
url VCID-4dkw-1egc-uqfr
vulnerability_id VCID-4dkw-1egc-uqfr
summary
Deserialization of Untrusted Data
A critical unauthenticated remote code execution vulnerability was found in Apache Tapestry.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27850
reference_id
reference_type
scores
0
value 0.94219
scoring_system epss
scoring_elements 0.99927
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27850
1
reference_url https://issues.apache.org/jira/browse/TAP5-2663
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TAP5-2663
2
reference_url https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E
3
reference_url https://security.netapp.com/advisory/ntap-20210528-0002
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210528-0002
4
reference_url http://www.openwall.com/lists/oss-security/2021/04/15/1
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/15/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27850
reference_id CVE-2021-27850
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27850
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-byrs-fwaw-z3aw
1
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.3
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-byrs-fwaw-z3aw
1
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.3
2
url pkg:maven/org.apache.tapestry/tapestry-core@5.7.1
purl pkg:maven/org.apache.tapestry/tapestry-core@5.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-byrs-fwaw-z3aw
1
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.7.1
aliases CVE-2021-27850, GHSA-mj8x-cpr8-x39h
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dkw-1egc-uqfr
1
url VCID-7a29-tz45-dudf
vulnerability_id VCID-7a29-tz45-dudf
summary
Path Traversal
Tapestry processes `/assets/ctx` assets using the class chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which does not filter the `\` character, so an attacker can perform a path traversal attack to read any file on the Windows platform.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0207
reference_id
reference_type
scores
0
value 0.01368
scoring_system epss
scoring_elements 0.80539
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0207
1
reference_url https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0207
reference_id CVE-2019-0207
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0207
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
purl pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-apb7-35y8-eyae
2
vulnerability VCID-byrs-fwaw-z3aw
3
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
aliases CVE-2019-0207, GHSA-89r3-rcpj-h7w6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7a29-tz45-dudf
2
url VCID-apb7-35y8-eyae
vulnerability_id VCID-apb7-35y8-eyae
summary
Deserialization of Untrusted Data
A Java Serialization vulnerability was found in Apache Tapestry. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17531
reference_id
reference_type
scores
0
value 0.64089
scoring_system epss
scoring_elements 0.98452
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17531
1
reference_url https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76@%3Cusers.tapestry.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E
3
reference_url https://security.netapp.com/advisory/ntap-20210115-0007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210115-0007
4
reference_url https://security.netapp.com/advisory/ntap-20210115-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210115-0007/
5
reference_url http://www.openwall.com/lists/oss-security/2022/12/02/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/12/02/1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17531
reference_id CVE-2020-17531
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17531
7
reference_url https://github.com/advisories/GHSA-c566-2grg-mjwg
reference_id GHSA-c566-2grg-mjwg
reference_type
scores
url https://github.com/advisories/GHSA-c566-2grg-mjwg
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.1
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-byrs-fwaw-z3aw
2
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.1
aliases CVE-2020-17531, GHSA-c566-2grg-mjwg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apb7-35y8-eyae
3
url VCID-byrs-fwaw-z3aw
vulnerability_id VCID-byrs-fwaw-z3aw
summary Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30638
reference_id
reference_type
scores
0
value 0.05311
scoring_system epss
scoring_elements 0.90204
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30638
1
reference_url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E
2
reference_url https://security.netapp.com/advisory/ntap-20210528-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210528-0004
3
reference_url https://www.zerodayinitiative.com/advisories/ZDI-21-491
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-21-491
4
reference_url http://www.openwall.com/lists/oss-security/2021/04/27/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/27/3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30638
reference_id CVE-2021-30638
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30638
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
aliases CVE-2021-30638, GHSA-ghm8-mmx7-xvg2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byrs-fwaw-z3aw
4
url VCID-jzah-6eyd-cqce
vulnerability_id VCID-jzah-6eyd-cqce
summary
Files or Directories Accessible to External Parties
In Apache Tapestry, by crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13953
reference_id
reference_type
scores
0
value 0.01797
scoring_system epss
scoring_elements 0.83121
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13953
1
reference_url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13953
reference_id CVE-2020-13953
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13953
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.0
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-apb7-35y8-eyae
2
vulnerability VCID-byrs-fwaw-z3aw
3
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.0
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
2
url pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
aliases CVE-2020-13953, GHSA-w9mp-p2wp-2xf7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzah-6eyd-cqce
Fixing_vulnerabilities
0
url VCID-4r1h-dgv4-8yep
vulnerability_id VCID-4r1h-dgv4-8yep
summary
Improper Input Validation
The code which checks HMAC in form submissions used `String.equals()` for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10071
reference_id
reference_type
scores
0
value 0.09816
scoring_system epss
scoring_elements 0.93113
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10071
1
reference_url https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43@%3Cusers.tapestry.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460@%3Cusers.tapestry.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10071
reference_id CVE-2019-10071
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10071
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
purl pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-7a29-tz45-dudf
2
vulnerability VCID-apb7-35y8-eyae
3
vulnerability VCID-byrs-fwaw-z3aw
4
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
purl pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-apb7-35y8-eyae
2
vulnerability VCID-byrs-fwaw-z3aw
3
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
aliases CVE-2019-10071, GHSA-fgmr-vx7c-5wj6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r1h-dgv4-8yep
1
url VCID-wkrc-6y9x-qqet
vulnerability_id VCID-wkrc-6y9x-qqet
summary
Deserialization of Untrusted Data
By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the `tapestry.hmac-passphrase` configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the `t:formdata` parameter from the Form component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0195
reference_id
reference_type
scores
0
value 0.14226
scoring_system epss
scoring_elements 0.94518
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0195
1
reference_url https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24@%3Cusers.tapestry.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df@%3Cusers.tapestry.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a@%3Cusers.tapestry.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751@%3Cusers.tapestry.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E
7
reference_url http://www.openwall.com/lists/oss-security/2021/04/15/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/15/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0195
reference_id CVE-2019-0195
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0195
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
purl pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-7a29-tz45-dudf
2
vulnerability VCID-apb7-35y8-eyae
3
vulnerability VCID-byrs-fwaw-z3aw
4
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.4.4
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
purl pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dkw-1egc-uqfr
1
vulnerability VCID-apb7-35y8-eyae
2
vulnerability VCID-byrs-fwaw-z3aw
3
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.4.5
aliases CVE-2019-0195, GHSA-6mwh-fw4p-75fj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrc-6y9x-qqet
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.4.4