DEBIAN-CVE-2022-45143

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2022-45143

Downstream

DSA-5381-1

Published: 03 Jan 2023, 19:15

Last modified:28 Apr 2026, 20:24

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Jan 2023, 19:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:24

Last Modified

Vulnerability information updated

Description

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Systems

debian•tomcat9
< 9.0.43-2~deb11u6 | < 9.0.70-1 | < 9.0.70-1 | < 9.0.70-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2022-45143