CVE-2014-1972
Apache Tapestry Unsafe Object Storage
EPSS 8.8%
Description
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
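The kind of check the description says was missing, shown as an added illustration (this is not Tapestry's code or the project's patch): client-held serialized state carries an HMAC tag that the server verifies before deserializing anything. The class name `SignedClientState`, the token layout (32-byte tag followed by the serialized body) and the demo key are assumptions made for this example.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example; class name and token layout (tag || body) are assumptions.
public class SignedClientState {
    private static final String ALG = "HmacSHA256";
    private static final int TAG_LEN = 32; // HMAC-SHA256 output size in bytes
    private final SecretKeySpec key;
    public SignedClientState(byte[] secret) { key = new SecretKeySpec(secret, ALG); }
    private byte[] tag(byte[] data) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(data);
    }

    // Serialize the value and prepend an HMAC tag computed with a server-only key.
    public String encode(Serializable value) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
        byte[] body = buf.toByteArray();
        byte[] all = Arrays.copyOf(tag(body), TAG_LEN + body.length);
        System.arraycopy(body, 0, all, TAG_LEN, body.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(all);
    }

    // Verify the tag first; only authenticated bytes ever reach ObjectInputStream.
    public Object decode(String token) throws Exception {
        byte[] all = Base64.getUrlDecoder().decode(token);
        if (all.length <= TAG_LEN) throw new SecurityException("client state too short");
        byte[] body = Arrays.copyOfRange(all, TAG_LEN, all.length);
        if (!MessageDigest.isEqual(Arrays.copyOf(all, TAG_LEN), tag(body))) // constant-time compare
            throw new SecurityException("client state was modified");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        SignedClientState s = new SignedClientState("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String token = s.encode("page state");
        System.out.println(s.decode(token)); // untouched token round-trips
        byte[] raw = Base64.getUrlDecoder().decode(token);
        raw[raw.length - 1] ^= 1; // simulate a client editing the stored object
        try { s.decode(Base64.getUrlEncoder().encodeToString(raw)); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```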
How to fix CVE-2014-1972
To remediate CVE-2014-1972, upgrade the affected package to the fixed version listed below.
- Maven/org.apache.tapestry:tapestry-core: upgrade to 5.3.6 or later
Is CVE-2014-1972 being exploited?
Moderate — EPSS is 8.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Maven/org.apache.tapestry:tapestry-core: from 0, < 5.3.6