cvedb.io
CVE-2022-45143
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-01-03T19:15:10.403 · Last modified 2026-06-17T05:09:27.230

Summary

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Affected products

apache — tomcat

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.