⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-27850

CWE-200Information ExposureCWE-502Deserialization of Untrusted DataCWE-9226 documents6 sources
Severity
9.8CRITICAL
EPSS
94.2%
top 0.08%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Apache Software Foundation Apache TapestryApache Tapestry
Timeline
PublishedApr 15
Latest updateJun 16

Description

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5apache_software_foundation/apache_tapestryApache Tapestry 5.4.5Apache Tapestry 5.4.0*+3
NVDapache/tapestry5.4.05.6.2+1
Mavenorg.apache.tapestry:tapestry-core5.4.05.6.3+1

🔴Vulnerability Details

4
OSV
Remote code execution in Apache Tapestry2021-06-16
GHSA
Remote code execution in Apache Tapestry2021-06-16
CVEList
Bypass of the fix for CVE-2019-01952021-04-15
VulnCheck
Apache tapestry Exposure of Sensitive Information to an Unauthorized Actor2021

💥Exploits & PoCs

1
Nuclei
Apache Tapestry - Remote Code Execution
CVE-2021-27850 (CRITICAL CVSS 9.8) | A critical unauthenticated remote c | cvebase.io