How severe is CVE-2022-31781?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-31781?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2022-31781 - HIGH Severity | CVSS 7.5

Vulnerability Description

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.

Related Vulnerabilities

CVE-2015-10005

HIGH

CVSS:7.5(High)

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regu...

CWE-13332015

CVE-2015-8315

HIGH

CVSS:7.5(High)

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

CWE-13332015

CVE-2015-8854

HIGH

CVSS:7.5(High)

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline ru...

CWE-13332015

CVE-2017-20165

HIGH

CVSS:7.5(High)

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to ineff...

CWE-13332017

CVE-2018-25049

HIGH

CVSS:7.5(High)

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular...

CWE-13332018

CVE-2018-25061

HIGH

CVSS:7.5(High)

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The...

CWE-13332018