7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31781

GHSA ID

GHSA-227g-7cvv-6ff3

EPSS Score

0.77868%

CWE

CWE-400

Published

7/14/2022

Updated

7/24/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31781

CVE-2022-31781: Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31781

GHSA ID

GHSA-227g-7cvv-6ff3

EPSS Score

0.77868%

CWE

CWE-400

Published

7/14/2022

Updated

7/24/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tapestry:tapestry-core	maven	< 5.8.2	5.8.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the regex pattern in ContentType's constructor. The original pattern used '(; (param=value))' with an unbounded quantifier (), which is vulnerable to ReDoS via exponential backtracking. The commit 3c8d610 shows the fix was to limit parameters to {0,5} repetitions. The added test case demonstrates this by triggering a timeout with excessive parameters. Since the constructor directly processes input using this regex, it's the clear vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** T*p*stry up to v*rsion *.*.* is vuln*r**l* to R**ul*r *xpr*ssion **ni*l o* S*rvi** (R**oS) in t** w*y it **n*l*s *ont*nt Typ*s. Sp**i*lly *r**t** *ont*nt Typ*s m*y **us* **t*strop*i* ***ktr**kin*, t*kin* *xpon*nti*l tim* to *ompl*t*. Sp**i*i**

Reasoning

T** vuln*r**ility st*ms *rom t** r***x p*tt*rn in *ont*ntTyp*'s *onstru*tor. T** ori*in*l p*tt*rn us** '(; (p*r*m=v*lu*))*' wit* *n un*oun*** qu*nti*i*r (*), w*i** is vuln*r**l* to R**oS vi* *xpon*nti*l ***ktr**kin*. T** *ommit ******* s*ows t** *ix

7.5

Basic Information

Concerned about an active attack path?

CVE-2022-31781: Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI