Description
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Remediation
References
https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
https://security.gentoo.org/glsa/202305-37
https://security.netapp.com/advisory/ntap-20230216-0009/
Related Vulnerabilities
CVE-2020-2214 Vulnerability in maven package org.jenkins-ci.plugins:zap-pipeline
CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel__traverse
CVE-2020-7011 Vulnerability in npm package @elastic/app-search-javascript
CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote
CVE-2022-34271 Vulnerability in maven package org.apache.atlas:atlas-intg