Apache Tapestry Unsafe Object Storage
High severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Aug 16, 2023
Description
Published by the National Vulnerability Database
Aug 22, 2015
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Aug 7, 2023
Last updated
Aug 16, 2023
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
References