Apache Apache Tapestry
2 CVEs affecting Apache Apache Tapestry. Latest disclosed: 2019-09-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-10071 | | 2019-09-16 | The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC sign… | |
CVE-2019-0207 | | 2019-09-16 | Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`… |