VYPR
High severityNVD Advisory· Published Apr 27, 2021· Updated Aug 3, 2024

An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later

CVE-2021-30638

Description

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tapestry:tapestry-coreMaven
>= 5.4.0, < 5.6.45.6.4
org.apache.tapestry:tapestry-coreMaven
>= 5.7.0, < 5.7.25.7.2

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.