{"id":"CVE-2022-45143","details":"The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.","aliases":["BIT-tomcat-2022-45143","GHSA-rq2w-37h9-vg94"],"modified":"2026-04-16T04:32:49.214649899Z","published":"2023-01-03T19:15:10.403Z","related":["SUSE-SU-2023:1853-1","openSUSE-SU-2024:12847-1","openSUSE-SU-2024:13441-1"],"references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-37"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230216-0009/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"11cce490eb67a8aca64377a22c0cea2e38896725"},{"fixed":"cd5fd93c5df3699868ec39731f5a347450112299"},{"introduced":"0"},{"last_affected":"702df4f4db92b59e01d5d8824190ce2652d74a76"},{"introduced":"0"},{"last_affected":"f2ab9ac8bc3f40ee9b2cb50b030c99df927f0429"},{"introduced":"0"},{"last_affected":"dc3639dd7123301ced18dbf4ddf2dca93704870d"},{"introduced":"0"},{"last_affected":"049799677ba307378a256621bb1a7b03f597571c"},{"introduced":"0"},{"last_affected":"d08498a3cefa7206bad791acf019455794f865ea"},{"introduced":"0"},{"last_affected":"faa2582152d9dcbcb444700df340e10a85fc375f"},{"introduced":"0"},{"last_affected":"02e84c839def0228475fad85d0b19abc2f70b03f"},{"introduced":"0"},{"last_affected":"dcf3e81b2e709574971c7a9592614d70c1b55bf7"},{"introduced":"0"},{"last_affected":"02c4004b52be88a04a7372577d56da0f9ed3a7fe"},{"introduced":"0"},{"last_affected":"7a261dff58bc9581317c400b5c0fa4f7ae371fda"},{"introduced":"0"},{"last_affected":"0e59fedb28df646930c5aff945159b64d7a52260"},{"introduced":"0"},{"last_affected":"8778a44d6323c1066237043a89ab2f36696916b1"},{"introduced":"0"},{"last_affected":"e706972942e2c342e4a37baf5e2596f11e8a0e94"},{"introduced":"0"},{"last_affected":"2a10c8d9110d7b1c7f526f3352648c6b19ba2c52"},{"introduced":"0"},{"last_affected":"51d1031c36c0f2b3ee1e0d14b56228a559144153"},{"introduced":"0"},{"last_affected":"0f3f1e439a040068b741d77777766722e4420ad6"},{"introduced":"0"},{"last_affected":"cd53876fefaa370c31466b0f615e9ad026541a27"},{"introduced":"0"},{"last_affected":"02d546ba3c553c74ff1a99ecc166a6ff9c501ba8"},{"introduced":"0"},{"last_affected":"934df02dc68e72b95a38f372017f1b89b0d13a76"}],"database_specific":{"versions":[{"introduced":"9.0.40"},{"fixed":"9.0.69"},{"introduced":"0"},{"last_affected":"8.5.83"},{"introduced":"0"},{"last_affected":"10.1.0-milestone1"},{"introduced":"0"},{"last_affected":"10.1.0-milestone10"},{"introduced":"0"},{"last_affected":"10.1.0-milestone11"},{"introduced":"0"},{"last_affected":"10.1.0-milestone12"},{"introduced":"0"},{"last_affected":"10.1.0-milestone13"},{"introduced":"0"},{"last_affected":"10.1.0-milestone14"},{"introduced":"0"},{"last_affected":"10.1.0-milestone15"},{"introduced":"0"},{"last_affected":"10.1.0-milestone16"},{"introduced":"0"},{"last_affected":"10.1.0-milestone17"},{"introduced":"0"},{"last_affected":"10.1.0-milestone2"},{"introduced":"0"},{"last_affected":"10.1.0-milestone3"},{"introduced":"0"},{"last_affected":"10.1.0-milestone4"},{"introduced":"0"},{"last_affected":"10.1.0-milestone5"},{"introduced":"0"},{"last_affected":"10.1.0-milestone6"},{"introduced":"0"},{"last_affected":"10.1.0-milestone7"},{"introduced":"0"},{"last_affected":"10.1.0-milestone8"},{"introduced":"0"},{"last_affected":"10.1.0-milestone9"},{"introduced":"0"},{"last_affected":"10.1.1"}]}}],"versions":["10.1.0-M1","10.1.0-M10","10.1.0-M11","10.1.0-M12","10.1.0-M13","10.1.0-M14","10.1.0-M15","10.1.0-M16","10.1.0-M17","10.1.0-M2","10.1.0-M3","10.1.0-M4","10.1.0-M5","10.1.0-M6","10.1.0-M7","10.1.0-M8","10.1.0-M9","10.1.1","8.5.83"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45143.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}