CVE-2022-45143: Apache Tomcat: JsonErrorReportValve escaping

Vendor: Apache Software Foundation
Product: Apache Tomcat
Weakness: CWE-116
Published: January 3, 2023
Last update: August 3, 2024

What the vulnerability does

Description

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these values are constructed from user-provided data, so users could supply values that invalidated or manipulated the JSON output.

Key dates

Disclosure timeline

January 3, 2023: CVE published
August 3, 2024: Record updated