Information disclosure in Apache Software Foundation Tapestry
CVE-2021-27850
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-201…
Vulnerability class: Information Disclosure
EPSS: 0.942 (99.9th percentile)
Affected products
- Apache Software Foundation Tapestry: versions 5.4.5, 5.5.0, 5.7.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2… (x_refsource_MISC)
- [oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195 (mailing-list, x_refsource_MLIST)
- security.netapp.com/advisory/ntap-20210528-0002/ (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2021-27850?
- CVE-2021-27850 is a vulnerability in Apache Software Foundation Tapestry, classified under Information Disclosure. Published 2021-04-15.
- Is CVE-2021-27850 known to be exploited?
- 31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.