CVE-2014-1972
published 2015-08-22CVE-2014-1972: Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to…
high7.8CVSS 3.1
AVNACLAuNCNINAC
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tapestry | <= 5.3.5 | — |