CVE-2012-2965 – com.caucho:resin

Package

Manager: maven
Name: com.caucho:resin
Vulnerable Version: >=0 <4.0.29

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00545 pctl0.66801

Details

Caucho Quercus, as distributed in Resin, does not properly handle unspecified characters in the names of variables Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

Metadata

Created: 2022-05-17T05:23:56Z
Modified: 2025-04-12T02:59:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p332-fw36-4hqx/GHSA-p332-fw36-4hqx.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-p332-fw36-4hqx
Finding: F184
Auto approve: 1