Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@7.0.106

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 7.0.106

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.0.117

Latest_non_vulnerable_version 11.0.21

Affected_by_vulnerabilities

url VCID-a8gk-n8bq-87cp

vulnerability_id VCID-a8gk-n8bq-87cp

summary When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-24122

reference_id

reference_type

scores

value	0.52591
scoring_system	epss
scoring_elements	0.97947
published_at	2026-04-16T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97941
published_at	2026-04-13T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.9794
published_at	2026-04-12T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97938
published_at	2026-04-11T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97935
published_at	2026-04-09T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97932
published_at	2026-04-08T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97919
published_at	2026-04-01T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97927
published_at	2026-04-07T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97922
published_at	2026-04-02T12:55:00Z

value	0.52591
scoring_system	epss
scoring_elements	0.97924
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-24122

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2

reference_url

https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177

reference_url

https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9

reference_url

https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

reference_url

https://security.netapp.com/advisory/ntap-20210212-0008

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210212-0008

reference_url

https://tomcat.apache.org/security-10.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html

reference_url

https://tomcat.apache.org/security-7.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-7.html

reference_url

https://tomcat.apache.org/security-8.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-8.html

reference_url

https://tomcat.apache.org/security-9.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

http://www.openwall.com/lists/oss-security/2021/01/14/1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/01/14/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1917209
reference_id	1917209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1917209

reference_url

https://security.archlinux.org/AVG-1452

reference_id

AVG-1452

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1452

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

reference_id

CVE-2021-24122

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

reference_url

https://github.com/advisories/GHSA-2rvv-w9r2-rg7m

reference_id

GHSA-2rvv-w9r2-rg7m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rvv-w9r2-rg7m

reference_url	https://access.redhat.com/errata/RHSA-2021:0494
reference_id	RHSA-2021:0494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0494

reference_url	https://access.redhat.com/errata/RHSA-2021:0495
reference_id	RHSA-2021:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0495

reference_url	https://access.redhat.com/errata/RHSA-2021:3425
reference_id	RHSA-2021:3425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3425

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.107

purl pkg:maven/org.apache.tomcat/tomcat@7.0.107

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-n3ab-nk7c-hqc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.107

url pkg:maven/org.apache.tomcat/tomcat@8.5.60

purl pkg:maven/org.apache.tomcat/tomcat@8.5.60

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60

url pkg:maven/org.apache.tomcat/tomcat@9.0.40

purl pkg:maven/org.apache.tomcat/tomcat@9.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10

aliases CVE-2021-24122, GHSA-2rvv-w9r2-rg7m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8gk-n8bq-87cp

url VCID-e7kd-kk57-mkd6

vulnerability_id VCID-e7kd-kk57-mkd6

summary A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8022

reference_id

reference_type

scores

value	0.00187
scoring_system	epss
scoring_elements	0.40578
published_at	2026-04-16T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40476
published_at	2026-04-01T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40556
published_at	2026-04-02T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40583
published_at	2026-04-04T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40505
published_at	2026-04-07T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40555
published_at	2026-04-08T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40566
published_at	2026-04-09T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40586
published_at	2026-04-11T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40549
published_at	2026-04-12T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4053
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8022

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1172405

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.suse.com/show_bug.cgi?id=1172405

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1852863
reference_id	1852863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1852863

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8022

reference_id

CVE-2020-8022

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8022

reference_url

https://github.com/advisories/GHSA-gc58-v8h3-x2gr

reference_id

GHSA-gc58-v8h3-x2gr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gc58-v8h3-x2gr

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@8.0.53

purl pkg:maven/org.apache.tomcat/tomcat@8.0.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g7bk-891a-uufy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.53

url pkg:maven/org.apache.tomcat/tomcat@9.0.35

purl pkg:maven/org.apache.tomcat/tomcat@9.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.35

aliases CVE-2020-8022, GHSA-gc58-v8h3-x2gr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7kd-kk57-mkd6

url VCID-kwab-3s4q-eka4

vulnerability_id VCID-kwab-3s4q-eka4

summary A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30640

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.30113
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30098
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30148
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30191
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30188
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30152
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30093
published_at	2026-04-07T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30275
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30226
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30195
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30640

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100

reference_url	https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f

reference_url	https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c

reference_url	https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0

reference_url	https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945

reference_url	https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7

reference_url	https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe

reference_url	https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38

reference_url	https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434

reference_url	https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b

reference_url	https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89

reference_url	https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56

reference_url	https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375

reference_url	https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43

reference_url	https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b

reference_url	https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef

reference_url	https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb

reference_url	https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e

reference_url	https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822

reference_url	https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972

reference_url	https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667

reference_url	https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9

reference_url	https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862

reference_url	https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51

reference_url	https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6

reference_url

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_url

https://security.gentoo.org/glsa/202208-34

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-34

reference_url

https://security.netapp.com/advisory/ntap-20210827-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210827-0007

reference_url	https://security.netapp.com/advisory/ntap-20210827-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210827-0007/

reference_url

https://www.debian.org/security/2021/dsa-4952

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4952

reference_url

https://www.debian.org/security/2021/dsa-4986

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4986

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1981544
reference_id	1981544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1981544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046
reference_id	991046
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640

reference_id

CVE-2021-30640

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-30640

reference_id

CVE-2021-30640

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-30640

reference_url

https://github.com/advisories/GHSA-36qh-35cm-5w2w

reference_id

GHSA-36qh-35cm-5w2w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36qh-35cm-5w2w

reference_url	https://access.redhat.com/errata/RHSA-2021:4861
reference_id	RHSA-2021:4861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4861

reference_url	https://access.redhat.com/errata/RHSA-2021:4863
reference_id	RHSA-2021:4863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4863

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.109

purl pkg:maven/org.apache.tomcat/tomcat@7.0.109

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-yrzk-1dbk-muhy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.109

url pkg:maven/org.apache.tomcat/tomcat@8.5.65

purl pkg:maven/org.apache.tomcat/tomcat@8.5.65

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.65

url pkg:maven/org.apache.tomcat/tomcat@8.5.66

purl pkg:maven/org.apache.tomcat/tomcat@8.5.66

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.66

url pkg:maven/org.apache.tomcat/tomcat@9.0.45

purl pkg:maven/org.apache.tomcat/tomcat@9.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45

url pkg:maven/org.apache.tomcat/tomcat@9.0.46

purl pkg:maven/org.apache.tomcat/tomcat@9.0.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.46

url pkg:maven/org.apache.tomcat/tomcat@10.0.5

purl pkg:maven/org.apache.tomcat/tomcat@10.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5

url pkg:maven/org.apache.tomcat/tomcat@10.0.6

purl pkg:maven/org.apache.tomcat/tomcat@10.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.6

aliases CVE-2021-30640, GHSA-36qh-35cm-5w2w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwab-3s4q-eka4

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.106

Package Instance