Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/201149?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/201149?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.86", "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat-coyote", "version": "7.0.86", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.0.107", "latest_non_vulnerable_version": "11.0.20", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4465?format=api", "vulnerability_id": "VCID-a8gk-n8bq-87cp", "summary": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-24122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97947", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97941", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.9794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97935", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97932", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97919", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97927", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97922", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.52591", "scoring_system": "epss", "scoring_elements": "0.97924", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-24122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2" }, { "reference_url": "https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177" }, { "reference_url": "https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9" }, { "reference_url": "https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533" }, { "reference_url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24122" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210212-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210212-0008" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/01/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/01/14/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917209", "reference_id": "1917209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917209" }, { "reference_url": "https://security.archlinux.org/AVG-1452", "reference_id": "AVG-1452", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122", "reference_id": "CVE-2021-24122", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122" }, { "reference_url": "https://github.com/advisories/GHSA-2rvv-w9r2-rg7m", "reference_id": "GHSA-2rvv-w9r2-rg7m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rvv-w9r2-rg7m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0494", "reference_id": "RHSA-2021:0494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0495", "reference_id": "RHSA-2021:0495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/224729?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.107", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.107" }, { "url": "http://public2.vulnerablecode.io/api/packages/80653?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.60", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.60" }, { "url": "http://public2.vulnerablecode.io/api/packages/80652?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/80651?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M10" } ], "aliases": [ "CVE-2021-24122", "GHSA-2rvv-w9r2-rg7m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8gk-n8bq-87cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4474?format=api", "vulnerability_id": "VCID-eb37-mkxf-7fgw", "summary": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94469", "scoring_system": "epss", "scoring_elements": "0.99997", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1938" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23" }, { "reference_url": "https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72" }, { "reference_url": "https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75" }, { "reference_url": "https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2" }, { "reference_url": "https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153" }, { "reference_url": "https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c" }, { "reference_url": "https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19" }, { "reference_url": "https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad" }, { "reference_url": "https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150" }, { "reference_url": "https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957" }, { "reference_url": "https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb" }, { "reference_url": "https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5" }, { "reference_url": "https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75" }, { "reference_url": "https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba" }, { "reference_url": "https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645" }, { "reference_url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938" }, { "reference_url": "https://security.gentoo.org/glsa/202003-43", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://security.gentoo.org/glsa/202003-43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200226-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200226-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200226-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200226-0002/" }, { "reference_url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4673", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4673" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4680", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4680" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398", "reference_id": "1806398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/", "reference_id": "2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437", "reference_id": "952437", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938", "reference_id": "CVE-2020-1938", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "apache_tomcat", "scoring_elements": "" }, { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938" }, { "reference_url": "https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/8bd38f4cf22331ecf4e48096a78c5931509c26be/CNVD-2020-10487-Tomcat-Ajp-lfi.py", "reference_id": "CVE-2020-1938", "reference_type": "exploit", "scores": [], "url": "https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/8bd38f4cf22331ecf4e48096a78c5931509c26be/CNVD-2020-10487-Tomcat-Ajp-lfi.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48143.py", "reference_id": "CVE-2020-1938", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48143.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49039.rb", "reference_id": "CVE-2020-1938", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49039.rb" }, { "reference_url": "https://github.com/advisories/GHSA-c9hw-wf7x-jp9j", "reference_id": "GHSA-c9hw-wf7x-jp9j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9hw-wf7x-jp9j" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/", "reference_id": "K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/", "reference_id": "L46WJIV6UV3FWA5O5YEY6XLA73RYD53B", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0855", "reference_id": "RHSA-2020:0855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0860", "reference_id": "RHSA-2020:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0861", "reference_id": "RHSA-2020:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0912", "reference_id": "RHSA-2020:0912", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0912" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1478", "reference_id": "RHSA-2020:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1479", "reference_id": "RHSA-2020:1479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1520", "reference_id": "RHSA-2020:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1521", "reference_id": "RHSA-2020:1521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2367", "reference_id": "RHSA-2020:2367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2779", "reference_id": "RHSA-2020:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2780", "reference_id": "RHSA-2020:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2781", "reference_id": "RHSA-2020:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2783", "reference_id": "RHSA-2020:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2840", "reference_id": "RHSA-2020:2840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/201158?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.100", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-nvbx-q971-skgm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.100" }, { "url": "http://public2.vulnerablecode.io/api/packages/201196?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dzan-r49k-kqab" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/201220?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dzan-r49k-kqab" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.31" } ], "aliases": [ "CVE-2020-1938", "GHSA-c9hw-wf7x-jp9j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb37-mkxf-7fgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4468?format=api", "vulnerability_id": "VCID-nvbx-q971-skgm", "summary": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.99683", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.99687", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.99685", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.99684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.99682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.99681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91745", "scoring_system": "epss", "scoring_elements": "0.9968", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5" }, { "reference_url": "https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3" }, { "reference_url": "https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d" }, { "reference_url": "https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784" }, { "reference_url": "https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332" }, { "reference_url": "https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200724-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200724-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200724-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200724-0003/" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://usn.ubuntu.com/4448-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4448-1" }, { "reference_url": "https://usn.ubuntu.com/4448-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4448-1/" }, { "reference_url": "https://usn.ubuntu.com/4596-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4596-1" }, { "reference_url": "https://usn.ubuntu.com/4596-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4596-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4727" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024", "reference_id": "1857024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024" }, { "reference_url": "https://security.archlinux.org/AVG-1205", "reference_id": "AVG-1205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935", "reference_id": "CVE-2020-13935", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935", "reference_id": "CVE-2020-13935", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935" }, { "reference_url": "https://github.com/advisories/GHSA-m7jv-hq7h-mq7c", "reference_id": "GHSA-m7jv-hq7h-mq7c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m7jv-hq7h-mq7c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3303", "reference_id": "RHSA-2020:3303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3305", "reference_id": "RHSA-2020:3305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3306", "reference_id": "RHSA-2020:3306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3308", "reference_id": "RHSA-2020:3308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3382", "reference_id": "RHSA-2020:3382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3383", "reference_id": "RHSA-2020:3383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3806", "reference_id": "RHSA-2020:3806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4004", "reference_id": "RHSA-2020:4004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/209389?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.105", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8gk-n8bq-87cp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.105" }, { "url": "http://public2.vulnerablecode.io/api/packages/143256?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.57", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.57" }, { "url": "http://public2.vulnerablecode.io/api/packages/143258?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/209384?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.2" } ], "aliases": [ "CVE-2020-13935", "GHSA-m7jv-hq7h-mq7c" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvbx-q971-skgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4475?format=api", "vulnerability_id": "VCID-yfx4-4gsc-2kgh", "summary": "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80223", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80194", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80158", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80149", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01366", "scoring_system": "epss", "scoring_elements": "0.80142", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1935" }, { "reference_url": "https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d" }, { "reference_url": "https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26" }, { "reference_url": "https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56" }, { "reference_url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200327-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200327-0005/" }, { "reference_url": "https://usn.ubuntu.com/4448-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4448-1" }, { "reference_url": "https://usn.ubuntu.com/4448-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4448-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4673" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4680", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4680" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835", "reference_id": "1806835", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935", "reference_id": "CVE-2020-1935", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935" }, { "reference_url": "https://github.com/advisories/GHSA-qxf4-chvg-4r8r", "reference_id": "GHSA-qxf4-chvg-4r8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxf4-chvg-4r8r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1520", "reference_id": "RHSA-2020:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1521", "reference_id": "RHSA-2020:1521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2367", "reference_id": "RHSA-2020:2367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3303", "reference_id": "RHSA-2020:3303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3305", "reference_id": "RHSA-2020:3305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5020", "reference_id": "RHSA-2020:5020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0882", "reference_id": "RHSA-2021:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1030", "reference_id": "RHSA-2021:1030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/201158?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.100", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-nvbx-q971-skgm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.100" }, { "url": "http://public2.vulnerablecode.io/api/packages/201196?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dzan-r49k-kqab" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/201220?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dzan-r49k-kqab" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.31" } ], "aliases": [ "CVE-2020-1935", "GHSA-qxf4-chvg-4r8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfx4-4gsc-2kgh" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.86" }