Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M18
Typemaven
Namespaceorg.apache.tomcat.embed
Nametomcat-embed-core
Version11.0.0-M18
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version11.0.9
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-fpgj-82wf-ykbw
vulnerability_id VCID-fpgj-82wf-ykbw
summary 
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.5542
published_at 2026-04-02T12:55:00Z
1
value 0.00324
scoring_system epss
scoring_elements 0.55445
published_at 2026-04-04T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.62478
published_at 2026-04-13T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.625
published_at 2026-04-12T12:55:00Z
4
value 0.00429
scoring_system epss
scoring_elements 0.62511
published_at 2026-04-11T12:55:00Z
5
value 0.00429
scoring_system epss
scoring_elements 0.62492
published_at 2026-04-09T12:55:00Z
6
value 0.00429
scoring_system epss
scoring_elements 0.62476
published_at 2026-04-08T12:55:00Z
7
value 0.00429
scoring_system epss
scoring_elements 0.62425
published_at 2026-04-07T12:55:00Z
8
value 0.00429
scoring_system epss
scoring_elements 0.62527
published_at 2026-04-18T12:55:00Z
9
value 0.00429
scoring_system epss
scoring_elements 0.6252
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
5
reference_url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
6
reference_url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
7
reference_url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/
url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
8
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
10
reference_url http://www.openwall.com/lists/oss-security/2025/07/10/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/07/10/13
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
reference_id 1109113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
reference_id 1109114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
reference_id 2379386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
reference_id CVE-2025-53506
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
15
reference_url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
reference_id GHSA-25xr-qj8w-c4vf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
16
reference_url https://access.redhat.com/errata/RHSA-2025:11695
reference_id RHSA-2025:11695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11695
17
reference_url https://access.redhat.com/errata/RHSA-2025:11696
reference_id RHSA-2025:11696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11696
18
reference_url https://access.redhat.com/errata/RHSA-2025:11741
reference_id RHSA-2025:11741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11741
19
reference_url https://access.redhat.com/errata/RHSA-2025:11742
reference_id RHSA-2025:11742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11742
20
reference_url https://access.redhat.com/errata/RHSA-2025:14177
reference_id RHSA-2025:14177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14177
21
reference_url https://access.redhat.com/errata/RHSA-2025:14178
reference_id RHSA-2025:14178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14178
22
reference_url https://access.redhat.com/errata/RHSA-2025:14179
reference_id RHSA-2025:14179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14179
23
reference_url https://access.redhat.com/errata/RHSA-2025:14180
reference_id RHSA-2025:14180
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14180
24
reference_url https://access.redhat.com/errata/RHSA-2025:14181
reference_id RHSA-2025:14181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14181
25
reference_url https://access.redhat.com/errata/RHSA-2025:14182
reference_id RHSA-2025:14182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14182
26
reference_url https://access.redhat.com/errata/RHSA-2025:14183
reference_id RHSA-2025:14183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14183
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
aliases CVE-2025-53506, GHSA-25xr-qj8w-c4vf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpgj-82wf-ykbw
1
url VCID-v7tp-1t4h-zqeg
vulnerability_id VCID-v7tp-1t4h-zqeg
summary 
When using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Older, EOL versions may also be affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28708
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.25128
published_at 2026-04-04T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.2509
published_at 2026-04-02T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.24972
published_at 2026-04-08T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.24903
published_at 2026-04-07T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.2789
published_at 2026-04-12T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.27932
published_at 2026-04-11T12:55:00Z
6
value 0.00101
scoring_system epss
scoring_elements 0.27931
published_at 2026-04-09T12:55:00Z
7
value 0.00101
scoring_system epss
scoring_elements 0.27837
published_at 2026-04-16T12:55:00Z
8
value 0.00101
scoring_system epss
scoring_elements 0.27831
published_at 2026-04-13T12:55:00Z
9
value 0.00101
scoring_system epss
scoring_elements 0.27815
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28708
2
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab
6
reference_url https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
7
reference_url https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f
8
reference_url https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
9
reference_url https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:33:37Z/
url https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
10
reference_url https://security.netapp.com/advisory/ntap-20230331-0012
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230331-0012
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2180856
reference_id 2180856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2180856
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708
reference_id CVE-2023-28708
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28708
reference_id CVE-2023-28708
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28708
18
reference_url https://github.com/advisories/GHSA-2c9m-w27f-53rm
reference_id GHSA-2c9m-w27f-53rm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2c9m-w27f-53rm
19
reference_url https://access.redhat.com/errata/RHSA-2023:4909
reference_id RHSA-2023:4909
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4909
20
reference_url https://access.redhat.com/errata/RHSA-2023:4910
reference_id RHSA-2023:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4910
21
reference_url https://access.redhat.com/errata/RHSA-2023:6570
reference_id RHSA-2023:6570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6570
22
reference_url https://access.redhat.com/errata/RHSA-2023:7065
reference_id RHSA-2023:7065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7065
23
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
24
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-xgr8-tpv5-q3b2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
aliases CVE-2023-28708, GHSA-2c9m-w27f-53rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7tp-1t4h-zqeg
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M18