CVE-2022-31781 - OpenCVE

Vendors	Products
Apache	Tapestry

Link	Resource
https://www.openwall.com/lists/oss-security/2022/07/12/3	Mailing List Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "Apache Tapestry", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "5.8.1", "status": "affected", "version": "5.8.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "CodeQL team members [@atorralba (Tony Torralba)](https://github.com/atorralba) and [@joefarebrother (Joseph Farebrother)](https://github.com/joefarebrother)."}], "descriptions": [{"lang": "en", "value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor."}], "metrics": [{"other": {"content": {"other": "low"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-07-25T08:10:31.213Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"}], "source": {"discovery": "UNKNOWN"}, "title": "Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-31781", "STATE": "PUBLIC", "TITLE": "Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Tapestry", "version": {"version_data": [{"version_affected": "<", "version_name": "5.8.1", "version_value": "5.8.1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "CodeQL team members [@atorralba (Tony Torralba)](https://github.com/atorralba) and [@joefarebrother (Joseph Farebrother)](https://github.com/joefarebrother)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "low"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1333 Inefficient Regular Expression Complexity"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2022/07/12/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-31781", "datePublished": "2022-07-13T07:25:10", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2023-07-25T08:10:31.213Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*", "matchCriteriaId": "74B1B9B9-B0DD-42B4-86BE-587593E365E3", "versionEndExcluding": "5.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor."}, {"lang": "es", "value": "Apache Tapestry versiones hasta 5.8.1 es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) en la forma en que maneja los Tipos de Contenido. Los Tipos de Contenido especialmente dise\u00f1ados pueden causar un retroceso catastr\u00f3fico, tardando un tiempo exponencial en completarse. En concreto, esto es acerca de la expresi\u00f3n regular usada en el par\u00e1metro de la clase org.apache.tapestry5.http.ContentType. Apache Tapestry versi\u00f3n 5.8.2 presenta una correcci\u00f3n para esta vulnerabilidad. Obs\u00e9rvese que la vulnerabilidad no puede ser desencadenada s\u00f3lo por peticiones web en el c\u00f3digo de Tapestry. S\u00f3lo ocurrir\u00eda si se presenta alg\u00fan codepath no Tapestry pasando alguna entrada externa al constructor de la clase ContentType"}], "id": "CVE-2022-31781", "lastModified": "2023-08-02T17:21:03.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-13T08:15:07.213", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "security@apache.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

JSON object

JSON object

JSON object