CVE-2022-45143
Advisory source: GitHub

Summary
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the type, message or description values when it writes the JSON error report. In some circumstances these values are constructed from user-provided data (for example, text from the request that ends up in an exception message), so a user could supply values that invalidated the JSON output or manipulated it by injecting additional keys. The valve is only in effect where it has been configured in place of the default ErrorReportValve. The issue was fixed in Apache Tomcat 8.5.84, 9.0.69 and 10.1.2, which escape these values before embedding them.
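As an added illustration (not code from the advisory or from Tomcat itself), the following Python models the two patterns involved: dropping the type, message and description values into a JSON template verbatim, and serialising each value as a JSON string before embedding it. Only the three field names come from the advisory; the document layout, the helper names and the attacker-controlled sample values are constructed for this example.

```python
import json

# The field names type/message/description are the ones the advisory says were
# left unescaped. The surrounding document shape, the function names and the
# sample values below are constructed; this is not JsonErrorReportValve code.


def render_unescaped(type_, message, description):
    """Vulnerable pattern: values are concatenated into the JSON template as-is.
    A value containing a double quote, a backslash or a control character can
    terminate its own string, add keys, or make the document unparsable."""
    return ('{"type":"' + type_ + '","message":"' + message +
            '","description":"' + description + '"}')


def render_escaped(type_, message, description):
    """Hardened pattern: each value is serialised as a JSON string first, so
    quotes, backslashes and control characters are escaped per RFC 8259 and a
    value can never break out of its own string."""
    return ('{"type":' + json.dumps(type_) + ',"message":' + json.dumps(message) +
            ',"description":' + json.dumps(description) + '}')


def parse(document):
    """Return the parsed object, or None if the document is not valid JSON.
    A duplicate key parses successfully and the last occurrence wins, which is
    what lets an injected key override the legitimate one."""
    try:
        return json.loads(document)
    except json.JSONDecodeError:
        return None


# Constructed attacker-controlled values, standing in for request text that is
# echoed into an exception message and from there into the error report.
INJECTED_KEY = 'not available", "type": "injected-type'   # smuggles a second "type" key
BROKEN_STRING = 'bad "quote\n'                             # unbalanced quote plus raw newline


def demo():
    """Run both renderers against the sample payloads and report the outcome."""
    results = {}
    # 1. Manipulation: the injected "type" key overrides the real one.
    doc = render_unescaped("status-report", "Not Found", INJECTED_KEY)
    results["unescaped_injected_type"] = parse(doc)["type"]
    # 2. Invalidation: the document no longer parses at all.
    broken = render_unescaped("status-report", BROKEN_STRING, "d")
    results["unescaped_broken_parses"] = parse(broken) is not None
    # 3. Hardened: both payloads survive only as literal string values.
    fixed = parse(render_escaped("status-report", BROKEN_STRING, INJECTED_KEY))
    results["escaped_type"] = fixed["type"]
    results["escaped_message_roundtrip"] = fixed["message"] == BROKEN_STRING
    results["escaped_description_roundtrip"] = fixed["description"] == INJECTED_KEY
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check a consumer of such an error body should apply is the one `parse` performs: reject anything that does not parse, and treat duplicate keys as suspicious rather than letting the last one win. The same class of defect applies to any hand-assembled JSON, XML or HTML error page, which is why the escaping belongs at the point where each value is written, not in the callers that happen to supply the text.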
Common Weakness Enumeration (CWE)
CWE-116: Improper Encoding or Escaping of Output
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CVSS scores by source

Source    Alternate ID            Exploitability subscore  CVSS score  Severity
NIST      -                       3.9                      7.5         high
GitHub    -                       -                        7.5         high
Debian    -                       -                        -           -
Ubuntu    -                       3.9                      7.5         medium
Amazon    -                       -                        N/A         high
Bitnami   BIT-2022-45143          -                        N/A         high
Bitnami   BIT-tomcat-2022-45143   3.9                      7.5         high
Red Hat   -                       3.9                      7.5         low
Photon    CVE-2022-45143          -                        -           -