Sign In

CVE-2022-45143

ADVISORY - github

Summary

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

EPSS Score: 0.00788 (0.731)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-116

Improper Encoding or Escaping of Output

ADVISORY - github

CWE-116

Improper Encoding or Escaping of Output

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-116

Improper Encoding or Escaping of Output

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in