Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/451971?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/451971?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.50", "type": "maven", "namespace": "org.apache.tomcat.embed", "name": "tomcat-embed-core", "version": "8.0.50", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.118", "latest_non_vulnerable_version": "11.0.22", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28594?format=api", "vulnerability_id": "VCID-2n2k-sh22-fkfw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21497", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21313", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2828", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28289", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41284" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c" }, { "reference_url": "https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c" }, { "reference_url": "https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41284", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41284" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/12" }, { "reference_url": "https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc", "reference_id": "2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:57:41Z/" } ], "url": "https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284", "reference_id": "CVE-2026-41284", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284" }, { "reference_url": "https://github.com/advisories/GHSA-gx5v-xp9w-j4cg", "reference_id": "GHSA-gx5v-xp9w-j4cg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx5v-xp9w-j4cg" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-41284", "GHSA-gx5v-xp9w-j4cg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2k-sh22-fkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6603?format=api", "vulnerability_id": "VCID-5nu4-5ude-4yhc", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04359", "scoring_system": "epss", "scoring_elements": "0.89236", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.04359", "scoring_system": "epss", "scoring_elements": "0.89228", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04359", "scoring_system": "epss", "scoring_elements": "0.8919", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652" }, { "reference_url": "https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c" }, { "reference_url": "https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200107-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/" }, { "reference_url": "https://usn.ubuntu.com/4251-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4251-1" }, { "reference_url": "https://usn.ubuntu.com/4251-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4251-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4596" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711", "reference_id": "1785711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563", "reference_id": "CVE-2019-17563", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563", "reference_id": "CVE-2019-17563", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563" }, { "reference_url": "https://github.com/advisories/GHSA-9xcj-c8cr-8c3c", "reference_id": "GHSA-9xcj-c8cr-8c3c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xcj-c8cr-8c3c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0860", "reference_id": "RHSA-2020:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0861", "reference_id": "RHSA-2020:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1520", "reference_id": "RHSA-2020:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1521", "reference_id": "RHSA-2020:1521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4004", "reference_id": "RHSA-2020:4004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0882", "reference_id": "RHSA-2021:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1030", "reference_id": "RHSA-2021:1030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15938?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bv5e-eycn-n7e2" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/15939?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-a7e6-gxvv-pub9" }, { "vulnerability": "VCID-bv5e-eycn-n7e2" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yg5s-2fsb-gub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.30" } ], "aliases": [ "CVE-2019-17563", "GHSA-9xcj-c8cr-8c3c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nu4-5ude-4yhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28596?format=api", "vulnerability_id": "VCID-697g-gcg9-zyaa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2247", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22276", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24193", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24215", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148" }, { "reference_url": "https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd" }, { "reference_url": "https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b" }, { "reference_url": "https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df" }, { "reference_url": "https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa" }, { "reference_url": "https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab" }, { "reference_url": "https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3" }, { "reference_url": "https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac" }, { "reference_url": "https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7" }, { "reference_url": "https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41293", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41293" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476513", "reference_id": "2476513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293", "reference_id": "CVE-2026-41293", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293" }, { "reference_url": "https://github.com/advisories/GHSA-r29c-68gh-xp6x", "reference_id": "GHSA-r29c-68gh-xp6x", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r29c-68gh-xp6x" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-41293", "GHSA-r29c-68gh-xp6x" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-697g-gcg9-zyaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63534?format=api", "vulnerability_id": "VCID-824z-m36f-87ea", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80716", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80787", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80776", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01382", "scoring_system": "epss", "scoring_elements": "0.80777", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1935" }, { "reference_url": "https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d" }, { "reference_url": "https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26" }, { "reference_url": "https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56" }, { "reference_url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200327-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200327-0005/" }, { "reference_url": "https://usn.ubuntu.com/4448-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4448-1" }, { "reference_url": "https://usn.ubuntu.com/4448-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4448-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835", "reference_id": "1806835", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935", "reference_id": "CVE-2020-1935", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935", "reference_id": "CVE-2020-1935", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935" }, { "reference_url": "https://github.com/advisories/GHSA-qxf4-chvg-4r8r", "reference_id": "GHSA-qxf4-chvg-4r8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxf4-chvg-4r8r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1520", "reference_id": "RHSA-2020:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1521", "reference_id": "RHSA-2020:1521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2367", "reference_id": "RHSA-2020:2367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3303", "reference_id": "RHSA-2020:3303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3305", "reference_id": "RHSA-2020:3305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5020", "reference_id": "RHSA-2020:5020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0882", "reference_id": "RHSA-2021:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1030", "reference_id": "RHSA-2021:1030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3140", "reference_id": "RHSA-2021:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16203?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/16201?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-a7e6-gxvv-pub9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yg5s-2fsb-gub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.31" } ], "aliases": [ "CVE-2020-1935", "GHSA-qxf4-chvg-4r8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-824z-m36f-87ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29213?format=api", "vulnerability_id": "VCID-97et-ubnp-wqcy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33874", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33696", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.45051", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.45063", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43512" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448" }, { "reference_url": "https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9" }, { "reference_url": "https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511", "reference_id": "2476511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511" }, { "reference_url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73", "reference_id": "7x09x7o12solvclslw3sz0288xc8wx73", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:38:42Z/" } ], "url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512", "reference_id": "CVE-2026-43512", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512" }, { "reference_url": "https://github.com/advisories/GHSA-h6fc-48rj-7qqh", "reference_id": "GHSA-h6fc-48rj-7qqh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6fc-48rj-7qqh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13745", "reference_id": "RHSA-2026:13745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16528", "reference_id": "RHSA-2026:16528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25123", "reference_id": "RHSA-2026:25123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25123" }, { "reference_url": "https://usn.ubuntu.com/8383-1/", "reference_id": "USN-8383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8383-1/" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-43512", "GHSA-h6fc-48rj-7qqh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97et-ubnp-wqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28669?format=api", "vulnerability_id": "VCID-9xyf-k9wq-g7b9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15929", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16071", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.20144", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.20168", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42498" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423" }, { "reference_url": "https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5" }, { "reference_url": "https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476516", "reference_id": "2476516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498", "reference_id": "CVE-2026-42498", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498" }, { "reference_url": "https://github.com/advisories/GHSA-fv25-8xcx-gqjc", "reference_id": "GHSA-fv25-8xcx-gqjc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv25-8xcx-gqjc" }, { "reference_url": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb", "reference_id": "n61zwf75jrv09rz90j4jssncm244bwdb", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:58:45Z/" } ], "url": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-42498", "GHSA-fv25-8xcx-gqjc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyf-k9wq-g7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29216?format=api", "vulnerability_id": "VCID-dj7q-4map-ebg4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24873", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24889", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26619", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26417", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419" }, { "reference_url": "https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36" }, { "reference_url": "https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9" }, { "reference_url": "https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/11" }, { "reference_url": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb", "reference_id": "746nxfxod0wsocxtmv8pb8nkgmwpc6bb", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:33:57Z/" } ], "url": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515", "reference_id": "CVE-2026-43515", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515" }, { "reference_url": "https://github.com/advisories/GHSA-5m62-pw8w-7w9f", "reference_id": "GHSA-5m62-pw8w-7w9f", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5m62-pw8w-7w9f" }, { "reference_url": "https://usn.ubuntu.com/8383-1/", "reference_id": "USN-8383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8383-1/" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-43515", "GHSA-5m62-pw8w-7w9f" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7q-4map-ebg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29214?format=api", "vulnerability_id": "VCID-hv33-kv9q-gugf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24213", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24017", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30914", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30929", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43513" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2" }, { "reference_url": "https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717" }, { "reference_url": "https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43513" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/9" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513", "reference_id": "CVE-2026-43513", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513" }, { "reference_url": "https://github.com/advisories/GHSA-5mp6-jrq3-r938", "reference_id": "GHSA-5mp6-jrq3-r938", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mp6-jrq3-r938" }, { "reference_url": "https://usn.ubuntu.com/8383-1/", "reference_id": "USN-8383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8383-1/" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" }, { "reference_url": "https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp", "reference_id": "ytjcgldshj73lcnd1sh95od5hrghwogp", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:34:43Z/" } ], "url": "https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-43513", "GHSA-5mp6-jrq3-r938" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hv33-kv9q-gugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8843?format=api", "vulnerability_id": "VCID-nz4k-nfug-tufw", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html" }, { "reference_url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93325", "scoring_system": "epss", "scoring_elements": "0.9982", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.93325", "scoring_system": "epss", "scoring_elements": "0.99821", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9484" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1171928", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171928" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Jun/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2020/Jun/6" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222" }, { "reference_url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch" }, { "reference_url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453" }, { "reference_url": "https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4" }, { "reference_url": "https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5" }, { "reference_url": "https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35" }, { "reference_url": "https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b" }, { "reference_url": "https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f" }, { "reference_url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200528-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200528-0005" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://usn.ubuntu.com/4448-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4448-1" }, { "reference_url": "https://usn.ubuntu.com/4596-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4596-1" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4727" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/03/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332", "reference_id": "1838332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209", "reference_id": "961209", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209" }, { "reference_url": "https://security.archlinux.org/ASA-202006-7", "reference_id": "ASA-202006-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-7" }, { "reference_url": "https://security.archlinux.org/AVG-1171", "reference_id": "AVG-1171", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484", "reference_id": "CVE-2020-9484", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "apache_tomcat", "scoring_elements": "" }, { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" }, { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484", "reference_id": "CVE-2020-9484", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484" }, { "reference_url": "https://github.com/advisories/GHSA-344f-f5vg-2jfj", "reference_id": "GHSA-344f-f5vg-2jfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-344f-f5vg-2jfj" }, { "reference_url": "https://security.gentoo.org/glsa/202006-21", "reference_id": "GLSA-202006-21", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2483", "reference_id": "RHSA-2020:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2487", "reference_id": "RHSA-2020:2487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2506", "reference_id": "RHSA-2020:2506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2509", "reference_id": "RHSA-2020:2509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2509" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2529", "reference_id": "RHSA-2020:2529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2530", "reference_id": "RHSA-2020:2530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3017", "reference_id": "RHSA-2020:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3140", "reference_id": "RHSA-2021:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/4596-1/", "reference_id": "USN-4596-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4596-1/" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" }, { "reference_url": "https://usn.ubuntu.com/6908-1/", "reference_id": "USN-6908-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6908-1/" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16495?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.55", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/16501?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-a7e6-gxvv-pub9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/16494?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.0-M5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.0-M5" } ], "aliases": [ "CVE-2020-9484", "GHSA-344f-f5vg-2jfj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nz4k-nfug-tufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25899?format=api", "vulnerability_id": "VCID-p4j1-xp15-t3b8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16515", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16541", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1653", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16385", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36" }, { "reference_url": "https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30" }, { "reference_url": "https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2" }, { "reference_url": "https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02" }, { "reference_url": "https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4" }, { "reference_url": "https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940" }, { "reference_url": "https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53" }, { "reference_url": "https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e" }, { "reference_url": "https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440430", "reference_id": "2440430", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614", "reference_id": "CVE-2025-66614", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614", "reference_id": "CVE-2025-66614", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614" }, { "reference_url": "https://github.com/advisories/GHSA-fpj8-gq4v-p354", "reference_id": "GHSA-fpj8-gq4v-p354", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpj8-gq4v-p354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12194", "reference_id": "RHSA-2026:12194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12195", "reference_id": "RHSA-2026:12195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" }, { "reference_url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7", "reference_id": "vw6lxtlh2qbqwpb61wd3sv1flm2nttw7", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:17:26Z/" } ], "url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39253?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.113", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.113" }, { "url": "http://public2.vulnerablecode.io/api/packages/39251?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/39263?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.15" } ], "aliases": [ "CVE-2025-66614", "GHSA-fpj8-gq4v-p354" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4j1-xp15-t3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6165?format=api", "vulnerability_id": "VCID-qxbw-zvw5-ckdp", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65698", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65589", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65694", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65687", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3" }, { "reference_url": "https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00" }, { "reference_url": "https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200107-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200107-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4251-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4251-1" }, { "reference_url": "https://usn.ubuntu.com/4251-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4251-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4596" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699", "reference_id": "1785699", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418", "reference_id": "CVE-2019-12418", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418", "reference_id": "CVE-2019-12418", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418" }, { "reference_url": "https://github.com/advisories/GHSA-hh3j-x4mc-g48r", "reference_id": "GHSA-hh3j-x4mc-g48r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hh3j-x4mc-g48r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0860", "reference_id": "RHSA-2020:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0861", "reference_id": "RHSA-2020:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1520", "reference_id": "RHSA-2020:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1521", "reference_id": "RHSA-2020:1521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1521" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15942?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-5nu4-5ude-4yhc" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bv5e-eycn-n7e2" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/15941?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-5nu4-5ude-4yhc" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-a7e6-gxvv-pub9" }, { "vulnerability": "VCID-bv5e-eycn-n7e2" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yg5s-2fsb-gub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.29" } ], "aliases": [ "CVE-2019-12418", "GHSA-hh3j-x4mc-g48r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxbw-zvw5-ckdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29215?format=api", "vulnerability_id": "VCID-s2kf-jwgc-pfas", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27377", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27395", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27415", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27214", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755" }, { "reference_url": "https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa" }, { "reference_url": "https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e" }, { "reference_url": "https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508" }, { "reference_url": "https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476512", "reference_id": "2476512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476512" }, { "reference_url": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m", "reference_id": "2k654v5cq123npfsd1b2kk1y30owqb1m", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:22:38Z/" } ], "url": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514", "reference_id": "CVE-2026-43514", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514" }, { "reference_url": "https://github.com/advisories/GHSA-9m89-8frq-c98c", "reference_id": "GHSA-9m89-8frq-c98c", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9m89-8frq-c98c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375372?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/375373?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/375374?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.22" } ], "aliases": [ "CVE-2026-43514", "GHSA-9m89-8frq-c98c" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2kf-jwgc-pfas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27398?format=api", "vulnerability_id": "VCID-t8tc-zb3w-57gv", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39126", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39141", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39149", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38954", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a" }, { "reference_url": "https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb" }, { "reference_url": "https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c" }, { "reference_url": "https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522" }, { "reference_url": "https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24880" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-24880" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/20" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457040", "reference_id": "2457040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457040" }, { "reference_url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "reference_id": "2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/" } ], "url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880", "reference_id": "CVE-2026-24880", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880" }, { "reference_url": "https://github.com/advisories/GHSA-563x-q5rq-57qp", "reference_id": "GHSA-563x-q5rq-57qp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-563x-q5rq-57qp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373469?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.116", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.116" }, { "url": "http://public2.vulnerablecode.io/api/packages/39257?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-r6yr-45cm-8ucv" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/373743?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20" } ], "aliases": [ "CVE-2026-24880", "GHSA-563x-q5rq-57qp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8tc-zb3w-57gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5902?format=api", "vulnerability_id": "VCID-w35j-v3r4-tqhu", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3929", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3931", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65581", "scoring_system": "epss", "scoring_elements": "0.98519", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.65581", "scoring_system": "epss", "scoring_elements": "0.98523", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0199" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9" }, { "reference_url": "https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d" }, { "reference_url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/43" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190419-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190419-0001" }, { "reference_url": "https://support.f5.com/csp/article/K17321505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K17321505" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852698" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852699" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852700" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852701" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852702" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852703" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852704" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852705" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852706" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852707" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852711" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852712" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852713" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852714" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852715" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852717" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852718" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852719" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852722" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852723" }, { "reference_url": "https://svn.apache.org/viewvc?view=rev&rev=1852724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=rev&rev=1852724" }, { "reference_url": "https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4596" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325", "reference_id": "1693325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199", "reference_id": "CVE-2019-0199", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199", "reference_id": "CVE-2019-0199", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199" }, { "reference_url": "https://github.com/advisories/GHSA-qcxh-w3j9-58qr", "reference_id": "GHSA-qcxh-w3j9-58qr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcxh-w3j9-58qr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2366", "reference_id": "RHSA-2020:2366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15185?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.38", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3977-sdws-euh4" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-5nu4-5ude-4yhc" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-qxbw-zvw5-ckdp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/15184?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3977-sdws-euh4" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-5nu4-5ude-4yhc" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-a7e6-gxvv-pub9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-gecz-htub-27gx" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-qxbw-zvw5-ckdp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" }, { "vulnerability": "VCID-yg5s-2fsb-gub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.16" } ], "aliases": [ "CVE-2019-0199", "GHSA-qcxh-w3j9-58qr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w35j-v3r4-tqhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8755?format=api", "vulnerability_id": "VCID-yg5s-2fsb-gub2", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40598", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40408", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40575", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40584", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8022" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852863", "reference_id": "1852863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852863" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8022", "reference_id": "CVE-2020-8022", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8022" }, { "reference_url": "https://github.com/advisories/GHSA-gc58-v8h3-x2gr", "reference_id": "GHSA-gc58-v8h3-x2gr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc58-v8h3-x2gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14128?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-5nu4-5ude-4yhc" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-824z-m36f-87ea" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qxbw-zvw5-ckdp" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-w35j-v3r4-tqhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/16501?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2381-kewd-m3ez" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-395x-2jej-4ubj" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-4md2-vchu-3bgx" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-a7e6-gxvv-pub9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-euv9-huaz-y3d1" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nj9t-gdm3-6ycn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qvgx-r4rr-xugp" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xgqg-vgr9-e3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.35" } ], "aliases": [ "CVE-2020-8022", "GHSA-gc58-v8h3-x2gr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yg5s-2fsb-gub2" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.50" }