On Mon, Oct 7, 2019 at 11:35 AM Nourredine K.
wrote:
> Hello Thiago,
>
Hello!
> Does this CVE concerns only Tapestry 5.4 ? What about 5.1, 5.2 and 5.3 ?
>
Versions affected: all Apache Tapestry versions between 5.4.0, including
its betas, and 5.4.3
> I think we should create a dedicated jir
Hello Thiago,
Does this CVE concerns only Tapestry 5.4 ? What about 5.1, 5.2 and 5.3 ?
I think we should create a dedicated jira ticket for each CVE to allow
security dev track Tapestry CVE more easily.
Regards,
Nouredine
Le ven. 13 sept. 2019 à 16:11, Thiago H. de Paula Figueiredo <
thiag...@g
CVE-2019-0195: File reading Leads Java Deserialization Vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions affected: all Apache Tapestry versions between 5.4.0, including
its betas, and 5.4.3
Description:
Manipulating classpath asset file URLs, an attacker could guess
