Description
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Remediation
References
https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
https://security.gentoo.org/glsa/202305-37
Related Vulnerabilities
CVE-2022-24785 Vulnerability in npm package moment
CVE-2023-0481 Vulnerability in maven package io.quarkus.resteasy.reactive:resteasy-reactive-common
CVE-2019-14540 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-6134 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-6394 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql-client