Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/460?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/460?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.40", "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", "version": "9.0.40", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.118", "latest_non_vulnerable_version": "11.0.22", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15959?format=api", "vulnerability_id": "VCID-16sq-3qm1-kqb2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62079", "scoring_system": "epss", "scoring_elements": "0.98373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.62079", "scoring_system": "epss", "scoring_elements": "0.98379", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45648" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0" }, { "reference_url": "https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4" }, { "reference_url": "https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6" }, { "reference_url": "https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231103-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231103-0007" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/10/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/10/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749", "reference_id": "2243749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749" }, { "reference_url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp", "reference_id": "2pv8yz1pyp088tsxfb7ogltk9msk0jdp", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/" } ], "url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648", "reference_id": "CVE-2023-45648", "reference_type": 
"", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648" }, { "reference_url": "https://github.com/advisories/GHSA-r6j3-px5g-cq3x", "reference_id": "GHSA-r6j3-px5g-cq3x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6j3-px5g-cq3x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6206", "reference_id": "RHSA-2023:6206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6207", "reference_id": "RHSA-2023:6207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7247", "reference_id": "RHSA-2023:7247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0125", "reference_id": "RHSA-2024:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0474", "reference_id": "RHSA-2024:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4631", "reference_id": "RHSA-2024:4631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "reference_url": "https://usn.ubuntu.com/7106-1/", "reference_id": "USN-7106-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7106-1/" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/520?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.81", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81" }, { "url": "http://public2.vulnerablecode.io/api/packages/358?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { 
"vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/274?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12" } ], "aliases": [ "CVE-2023-45648", "GHSA-r6j3-px5g-cq3x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16sq-3qm1-kqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12127?format=api", "vulnerability_id": "VCID-2hmq-5245-jyaf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17371", "scoring_system": "epss", "scoring_elements": "0.95225", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.17371", "scoring_system": "epss", "scoring_elements": "0.95209", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80" }, { "reference_url": "https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7" }, { "reference_url": "https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac" }, { "reference_url": "https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c" }, { "reference_url": 
"https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220729-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220729-0006/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/23/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/23/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102817", "reference_id": "2102817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305", "reference_id": "CVE-2022-34305", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34305", 
"reference_id": "CVE-2022-34305", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34305" }, { "reference_url": "https://github.com/advisories/GHSA-6j88-6whg-x687", "reference_id": "GHSA-6j88-6whg-x687", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6j88-6whg-x687" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "GLSA-202208-34", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/546?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.65", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": 
"VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.65" }, { "url": "http://public2.vulnerablecode.io/api/packages/383?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/384?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/388?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, 
{ "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17" } ], "aliases": [ "CVE-2022-34305", "GHSA-6j88-6whg-x687" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hmq-5245-jyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28594?format=api", "vulnerability_id": "VCID-2n2k-sh22-fkfw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21313", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21497", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41284" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c" }, { "reference_url": "https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c" }, { "reference_url": "https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41284", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41284" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/12" }, { "reference_url": "https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc", "reference_id": "2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:57:41Z/" } ], "url": "https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284", "reference_id": "CVE-2026-41284", "reference_type": "", "scores": [ { "value": 
"Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284" }, { "reference_url": "https://github.com/advisories/GHSA-gx5v-xp9w-j4cg", "reference_id": "GHSA-gx5v-xp9w-j4cg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx5v-xp9w-j4cg" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-41284", "GHSA-gx5v-xp9w-j4cg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2k-sh22-fkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12463?format=api", "vulnerability_id": "VCID-3kn9-yxww-ryh4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52751", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.5288", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42252" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920" }, { "reference_url": "https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77" }, { "reference_url": "https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a" }, { "reference_url": "https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": 
"https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://security.gentoo.org/glsa/202305-37", "reference_id": "202305-37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/" } ], "url": "https://security.gentoo.org/glsa/202305-37" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141329", "reference_id": "2141329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252", "reference_id": "CVE-2022-42252", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42252", "reference_id": "CVE-2022-42252", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42252" }, { "reference_url": "https://github.com/advisories/GHSA-p22x-g9px-3945", "reference_id": "GHSA-p22x-g9px-3945", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } 
], "url": "https://github.com/advisories/GHSA-p22x-g9px-3945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1663", "reference_id": "RHSA-2023:1663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1664", "reference_id": "RHSA-2023:1664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1664" }, { "reference_url": "https://usn.ubuntu.com/6880-1/", "reference_id": "USN-6880-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6880-1/" }, { "reference_url": "https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq", "reference_id": "zzcxzvqfdqn515zfs3dxb7n8gty589sq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/" } ], "url": "https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/537?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.68", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { 
"vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.68" }, { "url": "http://public2.vulnerablecode.io/api/packages/380?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bbye-dcrb-t3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/375?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { 
"vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1" } ], "aliases": [ "CVE-2022-42252", "GHSA-p22x-g9px-3945" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kn9-yxww-ryh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25635?format=api", "vulnerability_id": "VCID-63vc-sc11-8kf1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33367", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33185", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55754" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2" }, { "reference_url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb" }, { "reference_url": "https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5" }, { "reference_url": 
"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/27/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590", "reference_id": "2406590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754", "reference_id": "CVE-2025-55754", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754", "reference_id": "CVE-2025-55754", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754" }, { "reference_url": "https://github.com/advisories/GHSA-vfww-5hm6-hx2j", "reference_id": "GHSA-vfww-5hm6-hx2j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfww-5hm6-hx2j" }, { "reference_url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd", "reference_id": "j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { 
"value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:55Z/" } ], "url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18536", "reference_id": "RHSA-2026:18536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18537", "reference_id": "RHSA-2026:18537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18916", "reference_id": "RHSA-2026:18916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2740", "reference_id": "RHSA-2026:2740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2741", "reference_id": "RHSA-2026:2741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/475?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.109", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { 
"vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.109" }, { "url": "http://public2.vulnerablecode.io/api/packages/316?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/235?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { 
"vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11" } ], "aliases": [ "CVE-2025-55754", "GHSA-vfww-5hm6-hx2j" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63vc-sc11-8kf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28596?format=api", "vulnerability_id": "VCID-697g-gcg9-zyaa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2247", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22276", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41293" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148" }, { "reference_url": "https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd" }, { "reference_url": "https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b" }, { "reference_url": "https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df" }, { "reference_url": "https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa" }, { "reference_url": "https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab" }, { "reference_url": "https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac" }, { "reference_url": "https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7" }, { "reference_url": "https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41293", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41293" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476513", "reference_id": "2476513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293", "reference_id": "CVE-2026-41293", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293" }, { "reference_url": "https://github.com/advisories/GHSA-r29c-68gh-xp6x", "reference_id": "GHSA-r29c-68gh-xp6x", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" 
} ], "url": "https://github.com/advisories/GHSA-r29c-68gh-xp6x" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-41293", "GHSA-r29c-68gh-xp6x" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-697g-gcg9-zyaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15869?format=api", "vulnerability_id": "VCID-6kab-xsqw-37ed", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42795", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.00692", "scoring_system": "epss", "scoring_elements": "0.7232", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.72403", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42795" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf" }, { "reference_url": "https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4" }, { "reference_url": "https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231103-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231103-0007" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/10/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/10/9" }, { "reference_url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw", "reference_id": "065jfyo583490r9j2v73nhpyxdob56lw", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/" } ], "url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752", "reference_id": "2243752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795", "reference_id": "CVE-2023-42795", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795" }, { "reference_url": "https://github.com/advisories/GHSA-g8pj-r55q-5c2v", "reference_id": "GHSA-g8pj-r55q-5c2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g8pj-r55q-5c2v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6206", "reference_id": "RHSA-2023:6206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6207", "reference_id": "RHSA-2023:6207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7247", "reference_id": "RHSA-2023:7247", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0125", "reference_id": "RHSA-2024:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0474", "reference_id": "RHSA-2024:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0474" }, { "reference_url": "https://usn.ubuntu.com/7106-1/", "reference_id": "USN-7106-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7106-1/" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/520?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.81", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81" }, { "url": "http://public2.vulnerablecode.io/api/packages/358?format=api", 
"purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/274?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { 
"vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12" } ], "aliases": [ "CVE-2023-42795", "GHSA-g8pj-r55q-5c2v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kab-xsqw-37ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25633?format=api", "vulnerability_id": "VCID-6wqu-jupw-tyhu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51126", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51257", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55752" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06" }, { "reference_url": "https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df" }, { "reference_url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a" }, { "reference_url": 
"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/27/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/27/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591", "reference_id": "2406591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752", "reference_id": "CVE-2025-55752", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752", "reference_id": "CVE-2025-55752", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability", "reference_id": "CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability" }, { "reference_url": 
"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability", "reference_id": "CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-wmwf-9ccg-fff5", "reference_id": "GHSA-wmwf-9ccg-fff5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wmwf-9ccg-fff5" }, { "reference_url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog", "reference_id": "n05kjcwyj1s45ovs8ll1qrrojhfb1tog", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/" } ], "url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19809", "reference_id": "RHSA-2025:19809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19810", "reference_id": "RHSA-2025:19810", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:19810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22924", "reference_id": "RHSA-2025:22924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22925", "reference_id": "RHSA-2025:22925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23044", "reference_id": "RHSA-2025:23044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23045", "reference_id": "RHSA-2025:23045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23046", "reference_id": "RHSA-2025:23046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23047", "reference_id": "RHSA-2025:23047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23048", "reference_id": "RHSA-2025:23048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23049", "reference_id": "RHSA-2025:23049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23050", "reference_id": "RHSA-2025:23050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23051", "reference_id": "RHSA-2025:23051", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23052", "reference_id": "RHSA-2025:23052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23053", "reference_id": "RHSA-2025:23053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23225", "reference_id": "RHSA-2025:23225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0292", "reference_id": "RHSA-2026:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0293", "reference_id": "RHSA-2026:0293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2724", "reference_id": "RHSA-2026:2724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2725", "reference_id": "RHSA-2026:2725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2726", "reference_id": "RHSA-2026:2726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": 
"RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/475?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.109", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.109" }, { "url": "http://public2.vulnerablecode.io/api/packages/316?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": 
"VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/235?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11" } ], "aliases": [ "CVE-2025-55752", "GHSA-wmwf-9ccg-fff5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wqu-jupw-tyhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27439?format=api", "vulnerability_id": "VCID-7wr9-uez1-8bdg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2026-25854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10241", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1029", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25854" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695" }, { "reference_url": "https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2" }, { "reference_url": "https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25854", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25854" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/21" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457039", "reference_id": "2457039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854", "reference_id": "CVE-2026-25854", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", 
"scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854" }, { "reference_url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0", "reference_id": "ghct3b6o74bp2vm7q875s1zh0dqrz3h0", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/" } ], "url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0" }, { "reference_url": "https://github.com/advisories/GHSA-9m3c-qcxr-9x87", "reference_id": "GHSA-9m3c-qcxr-9x87", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9m3c-qcxr-9x87" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/456?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.116", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { 
"vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116" }, { "url": "http://public2.vulnerablecode.io/api/packages/296?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/220?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" } ], "aliases": [ "CVE-2026-25854", "GHSA-9m3c-qcxr-9x87" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wr9-uez1-8bdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29213?format=api", "vulnerability_id": "VCID-97et-ubnp-wqcy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33696", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33874", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43512" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448" }, { "reference_url": "https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9" }, { "reference_url": "https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511", "reference_id": "2476511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511" }, { "reference_url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73", "reference_id": "7x09x7o12solvclslw3sz0288xc8wx73", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:38:42Z/" } ], "url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512", "reference_id": "CVE-2026-43512", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512" }, { "reference_url": "https://github.com/advisories/GHSA-h6fc-48rj-7qqh", "reference_id": "GHSA-h6fc-48rj-7qqh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6fc-48rj-7qqh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13745", "reference_id": "RHSA-2026:13745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16528", "reference_id": "RHSA-2026:16528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25123", "reference_id": "RHSA-2026:25123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25123" }, { "reference_url": "https://usn.ubuntu.com/8383-1/", "reference_id": "USN-8383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8383-1/" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": 
"pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-43512", "GHSA-h6fc-48rj-7qqh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97et-ubnp-wqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28669?format=api", "vulnerability_id": "VCID-9xyf-k9wq-g7b9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15929", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16071", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42498" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423" }, { "reference_url": "https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5" }, { "reference_url": "https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476516", "reference_id": "2476516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498", "reference_id": "CVE-2026-42498", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498" }, { "reference_url": "https://github.com/advisories/GHSA-fv25-8xcx-gqjc", "reference_id": "GHSA-fv25-8xcx-gqjc", 
"reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv25-8xcx-gqjc" }, { "reference_url": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb", "reference_id": "n61zwf75jrv09rz90j4jssncm244bwdb", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:58:45Z/" } ], "url": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-42498", "GHSA-fv25-8xcx-gqjc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyf-k9wq-g7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63402?format=api", "vulnerability_id": "VCID-bbye-dcrb-t3ev", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42340.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04282", "scoring_system": "epss", "scoring_elements": "0.89132", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04282", "scoring_system": "epss", "scoring_elements": "0.89094", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42340" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9" }, { "reference_url": "https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47" }, { "reference_url": "https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a" }, { "reference_url": "https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371" }, { "reference_url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211104-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211104-0001" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5009" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356", "reference_id": "2014356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356" }, { "reference_url": "https://security.archlinux.org/AVG-2469", "reference_id": "AVG-2469", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2469" }, { "reference_url": "https://security.archlinux.org/AVG-2470", "reference_id": "AVG-2470", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340", "reference_id": "CVE-2021-42340", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340" }, { "reference_url": "https://github.com/advisories/GHSA-wph7-x527-w3h5", "reference_id": "GHSA-wph7-x527-w3h5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wph7-x527-w3h5" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "GLSA-202208-34", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4861", "reference_id": "RHSA-2021:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4863", "reference_id": "RHSA-2021:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/562?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, 
{ "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/416?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/420?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { 
"vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M6" }, { "url": "http://public2.vulnerablecode.io/api/packages/375?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1" } ], "aliases": [ "CVE-2021-42340", "GHSA-wph7-x527-w3h5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbye-dcrb-t3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27681?format=api", "vulnerability_id": "VCID-dhxd-kknv-9qb7", "summary": "", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12919", "scoring_system": "epss", "scoring_elements": "0.94218", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.12919", "scoring_system": "epss", "scoring_elements": "0.94239", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-29146" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1" }, { "reference_url": "https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd" }, { "reference_url": "https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1" }, { "reference_url": "https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29146", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29146" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2026-29146", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-29146" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/24" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457020", "reference_id": "2457020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146", "reference_id": "CVE-2026-29146", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146" }, { "reference_url": "https://github.com/advisories/GHSA-h468-7pvh-8vr8", "reference_id": "GHSA-h468-7pvh-8vr8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h468-7pvh-8vr8" }, { "reference_url": "https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w", "reference_id": "lzt04z2pb3dc5tk85obn80xygw3z1p0w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/" } ], "url": "https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/456?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.116", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116" }, { "url": "http://public2.vulnerablecode.io/api/packages/449?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.117", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117" }, { "url": "http://public2.vulnerablecode.io/api/packages/296?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { 
"vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/291?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/220?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/215?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": 
"VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21" } ], "aliases": [ "CVE-2026-29146", "GHSA-h468-7pvh-8vr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhxd-kknv-9qb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29216?format=api", "vulnerability_id": "VCID-dj7q-4map-ebg4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26417", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26619", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419" }, { "reference_url": "https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36" }, { "reference_url": "https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9" }, { "reference_url": "https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/11" }, { "reference_url": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb", "reference_id": "746nxfxod0wsocxtmv8pb8nkgmwpc6bb", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:33:57Z/" } ], "url": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515", "reference_id": "CVE-2026-43515", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515" }, { "reference_url": "https://github.com/advisories/GHSA-5m62-pw8w-7w9f", "reference_id": "GHSA-5m62-pw8w-7w9f", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5m62-pw8w-7w9f" }, { "reference_url": "https://usn.ubuntu.com/8383-1/", "reference_id": "USN-8383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8383-1/" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-43515", "GHSA-5m62-pw8w-7w9f" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7q-4map-ebg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11882?format=api", "vulnerability_id": "VCID-dx14-ejnx-37ad", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55532", "scoring_system": "epss", "scoring_elements": "0.98121", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.55532", "scoring_system": "epss", "scoring_elements": "0.98128", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" 
}, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d" }, { "reference_url": "https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91" }, { "reference_url": "https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890" }, { "reference_url": "https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48" }, { "reference_url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv" }, { "reference_url": 
"https://security.netapp.com/advisory/ntap-20220629-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220629-0002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093014", "reference_id": "2093014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885", "reference_id": "CVE-2022-29885", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py", "reference_id": "CVE-2022-29885", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29885", "reference_id": "CVE-2022-29885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29885" }, { "reference_url": "https://github.com/advisories/GHSA-r84p-88g2-2vx2", "reference_id": "GHSA-r84p-88g2-2vx2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r84p-88g2-2vx2" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/550?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.63", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.63" }, { "url": "http://public2.vulnerablecode.io/api/packages/392?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/396?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15" }, { "url": "http://public2.vulnerablecode.io/api/packages/375?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { 
"vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1" } ], "aliases": [ "CVE-2022-29885", "GHSA-r84p-88g2-2vx2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx14-ejnx-37ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29214?format=api", "vulnerability_id": "VCID-hv33-kv9q-gugf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24017", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24213", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43513" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2" }, { "reference_url": "https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717" }, { "reference_url": "https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43513" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/9" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513", "reference_id": "CVE-2026-43513", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513" }, { "reference_url": "https://github.com/advisories/GHSA-5mp6-jrq3-r938", "reference_id": "GHSA-5mp6-jrq3-r938", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mp6-jrq3-r938" }, { "reference_url": "https://usn.ubuntu.com/8383-1/", "reference_id": "USN-8383-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/8383-1/" }, { "reference_url": "https://usn.ubuntu.com/8417-1/", "reference_id": "USN-8417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8417-1/" }, { "reference_url": "https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp", "reference_id": "ytjcgldshj73lcnd1sh95od5hrghwogp", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:34:43Z/" } ], "url": "https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-43513", "GHSA-5mp6-jrq3-r938" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hv33-kv9q-gugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28349?format=api", "vulnerability_id": 
"VCID-hvgr-azs4-qqac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20955", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.21131", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34483" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68" }, { "reference_url": "https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06" }, { "reference_url": "https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34483", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34483" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/26" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457044", "reference_id": "2457044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483", "reference_id": "CVE-2026-34483", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483" }, { "reference_url": "https://github.com/advisories/GHSA-rv64-5gf8-9qq8", "reference_id": "GHSA-rv64-5gf8-9qq8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rv64-5gf8-9qq8" }, { "reference_url": "https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b", "reference_id": "j1w7304yonlr8vo1tkb5nfs7od1y228b", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/" } ], "url": "https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/456?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.116", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { 
"vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116" }, { "url": "http://public2.vulnerablecode.io/api/packages/449?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.117", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117" }, { "url": "http://public2.vulnerablecode.io/api/packages/291?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/215?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21" } ], 
"aliases": [ "CVE-2026-34483", "GHSA-rv64-5gf8-9qq8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvgr-azs4-qqac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25782?format=api", "vulnerability_id": "VCID-keh1-ycs9-ybdd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31943", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32128", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61795" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06" }, { "reference_url": "https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0" }, { "reference_url": "https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/27/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/27/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293", "reference_id": "1119293", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294", "reference_id": "1119294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588", "reference_id": "2406588", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795", "reference_id": "CVE-2025-61795", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795", "reference_id": "CVE-2025-61795", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795" }, { "reference_url": "https://github.com/advisories/GHSA-hgrr-935x-pq79", "reference_id": "GHSA-hgrr-935x-pq79", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgrr-935x-pq79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19809", "reference_id": "RHSA-2025:19809", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2025:19809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19810", "reference_id": "RHSA-2025:19810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23050", "reference_id": "RHSA-2025:23050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23051", "reference_id": "RHSA-2025:23051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" }, { "reference_url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp", "reference_id": "wm9mx8brmx9g4zpywm06ryrtvd3160pp", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/" } ], "url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/476?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.110", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.110" }, { "url": "http://public2.vulnerablecode.io/api/packages/312?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/236?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { 
"vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12" } ], "aliases": [ "CVE-2025-61795", "GHSA-hgrr-935x-pq79" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-keh1-ycs9-ybdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21714?format=api", "vulnerability_id": "VCID-ngy5-k9cv-rkbn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79627", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79562", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54677" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd" }, { "reference_url": "https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d" 
}, { "reference_url": "https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4" }, { "reference_url": "https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a" }, { "reference_url": "https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746" }, { "reference_url": "https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd" }, { "reference_url": "https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c" }, { "reference_url": "https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1" }, { "reference_url": "https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc" }, { "reference_url": "https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654" }, { "reference_url": "https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e" }, { "reference_url": "https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a" }, { "reference_url": "https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1" }, { "reference_url": "https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408" }, { "reference_url": "https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66" 
}, { "reference_url": "https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a" }, { "reference_url": "https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044" }, { "reference_url": "https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213" }, { "reference_url": "https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb" }, { "reference_url": "https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444" }, { "reference_url": "https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585" }, { "reference_url": "https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250131-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250131-0006" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://www.openwall.com/lists/oss-security/2024/12/17/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/17/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/18/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332815", "reference_id": "2332815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677", "reference_id": "CVE-2024-54677", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677" }, { "reference_url": "https://github.com/advisories/GHSA-653p-vg55-5652", "reference_id": "GHSA-653p-vg55-5652", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-653p-vg55-5652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7497", "reference_id": "RHSA-2025:7497", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2025:7497" }, { "reference_url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n", "reference_id": "tdtbbxpg5trdwc2wnopcth9ccvdftq2n", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/" } ], "url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n" }, { "reference_url": "https://usn.ubuntu.com/7705-1/", "reference_id": "USN-7705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7705-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/497?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.98", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-kehq-gcjx-17e4" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": 
"VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.98" }, { "url": "http://public2.vulnerablecode.io/api/packages/333?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-kehq-gcjx-17e4" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/253?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": 
"VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-kehq-gcjx-17e4" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.2" } ], "aliases": [ "CVE-2024-54677", "GHSA-653p-vg55-5652" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngy5-k9cv-rkbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25899?format=api", "vulnerability_id": "VCID-p4j1-xp15-t3b8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16385", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1653", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36" }, { "reference_url": "https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30" }, { "reference_url": "https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02" }, { "reference_url": "https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4" }, { "reference_url": "https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940" }, { "reference_url": "https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53" }, { "reference_url": "https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e" }, { "reference_url": "https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440430", "reference_id": "2440430", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614", "reference_id": "CVE-2025-66614", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614", "reference_id": "CVE-2025-66614", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614" }, { "reference_url": "https://github.com/advisories/GHSA-fpj8-gq4v-p354", "reference_id": "GHSA-fpj8-gq4v-p354", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpj8-gq4v-p354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12194", "reference_id": "RHSA-2026:12194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12194" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:12195", "reference_id": "RHSA-2026:12195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6569", "reference_id": "RHSA-2026:6569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8334", "reference_id": "RHSA-2026:8334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8334" }, { "reference_url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7", "reference_id": "vw6lxtlh2qbqwpb61wd3sv1flm2nttw7", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:17:26Z/" } ], "url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/463?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.113", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": 
"VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.113" }, { "url": "http://public2.vulnerablecode.io/api/packages/456?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.116", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116" }, { "url": "http://public2.vulnerablecode.io/api/packages/299?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": 
"VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/296?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/223?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": 
"VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/220?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" } ], "aliases": [ "CVE-2025-66614", "GHSA-fpj8-gq4v-p354" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4j1-xp15-t3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10077?format=api", "vulnerability_id": "VCID-r9fd-ndvw-ekfa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27889", "published_at": 
"2026-06-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27687", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/34115fb3c83f6cd97772232316a492a4cc5729e0" }, { "reference_url": "https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822" }, { "reference_url": "https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8" }, { "reference_url": 
"https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211008-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211008-0005/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4986", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004820", "reference_id": "2004820", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079", "reference_id": "CVE-2021-41079", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079" }, { "reference_url": 
"https://github.com/advisories/GHSA-59g9-7gfx-c72p", "reference_id": "GHSA-59g9-7gfx-c72p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59g9-7gfx-c72p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3741", "reference_id": "RHSA-2021:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3743", "reference_id": "RHSA-2021:3743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/570?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { 
"vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ndb1-hdsw-v7fq" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/430?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-ndb1-hdsw-v7fq" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.4" } ], "aliases": [ "CVE-2021-41079", "GHSA-59g9-7gfx-c72p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9fd-ndvw-ekfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29215?format=api", "vulnerability_id": "VCID-s2kf-jwgc-pfas", "summary": "", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27214", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27415", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755" }, { "reference_url": "https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" 
}, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa" }, { "reference_url": "https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e" }, { "reference_url": "https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508" }, { "reference_url": "https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/12/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/12/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476512", "reference_id": "2476512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476512" }, { "reference_url": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m", "reference_id": "2k654v5cq123npfsd1b2kk1y30owqb1m", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:22:38Z/" } ], "url": 
"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514", "reference_id": "CVE-2026-43514", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514" }, { "reference_url": "https://github.com/advisories/GHSA-9m89-8frq-c98c", "reference_id": "GHSA-9m89-8frq-c98c", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9m89-8frq-c98c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/450?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.118", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118" }, { "url": "http://public2.vulnerablecode.io/api/packages/292?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.55", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/216?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22" } ], "aliases": [ "CVE-2026-43514", "GHSA-9m89-8frq-c98c" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2kf-jwgc-pfas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27398?format=api", "vulnerability_id": "VCID-t8tc-zb3w-57gv", "summary": "", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38954", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39126", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb" }, { "reference_url": "https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c" }, { "reference_url": "https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522" }, { "reference_url": "https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24880" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116" }, { "reference_url": 
"https://www.herodevs.com/vulnerability-directory/cve-2026-24880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-24880" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/20" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457040", "reference_id": "2457040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457040" }, { "reference_url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "reference_id": "2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/" } ], "url": 
"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880", "reference_id": "CVE-2026-24880", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880" }, { "reference_url": "https://github.com/advisories/GHSA-563x-q5rq-57qp", "reference_id": "GHSA-563x-q5rq-57qp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-563x-q5rq-57qp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/456?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.116", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116" }, { "url": "http://public2.vulnerablecode.io/api/packages/300?format=api", "purl": 
"pkg:maven/org.apache.tomcat/tomcat@10.1.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8sda-scr3-qfex" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-r6yr-45cm-8ucv" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/296?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/220?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-nfmu-1t27-e3fu" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20" } ], "aliases": [ "CVE-2026-24880", "GHSA-563x-q5rq-57qp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8tc-zb3w-57gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10225?format=api", "vulnerability_id": "VCID-tvrz-n2kd-pba4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42334", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42498", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43980" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1" }, { "reference_url": "https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13" }, { "reference_url": "https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb" }, { "reference_url": "https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/28/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/28/1" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2130599", "reference_id": "2130599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130599" }, { "reference_url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3", "reference_id": "3jjqbsp6j88b198x5rmg99b1qr8ht3g3", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980", "reference_id": "CVE-2021-43980", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43980", "reference_id": "CVE-2021-43980", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43980" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5265", "reference_id": "dsa-5265", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5265" }, { 
"reference_url": "https://github.com/advisories/GHSA-jx7c-7mj5-9438", "reference_id": "GHSA-jx7c-7mj5-9438", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jx7c-7mj5-9438" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7272", "reference_id": "RHSA-2022:7272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7273", "reference_id": "RHSA-2022:7273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/549?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.62", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": 
"VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.62" }, { "url": "http://public2.vulnerablecode.io/api/packages/391?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dx14-ejnx-37ad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/395?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": 
"VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14" }, { "url": "http://public2.vulnerablecode.io/api/packages/375?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1" } ], "aliases": [ "CVE-2021-43980", "GHSA-jx7c-7mj5-9438" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvrz-n2kd-pba4" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/15813?format=api", "vulnerability_id": "VCID-uyc3-3cnp-wqf3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93829", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11586", "scoring_system": "epss", "scoring_elements": "0.93808", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41080" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b" }, { "reference_url": "https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b" }, { "reference_url": "https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27" }, { "reference_url": "https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230921-0006", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230921-0006" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370", "reference_id": "2235370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370" }, { "reference_url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f", "reference_id": "71wvwprtx2j2m54fovq9zr7gbm2wow2f", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/" } ], "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080", "reference_id": "CVE-2023-41080", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080" }, { "reference_url": "https://github.com/advisories/GHSA-q3mw-pvr8-9ggc", "reference_id": "GHSA-q3mw-pvr8-9ggc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3mw-pvr8-9ggc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5946", "reference_id": "RHSA-2023:5946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7622", "reference_id": "RHSA-2023:7622", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7623", "reference_id": "RHSA-2023:7623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7678", "reference_id": "RHSA-2023:7678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0125", "reference_id": "RHSA-2024:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0474", "reference_id": "RHSA-2024:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1324", "reference_id": "RHSA-2024:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1325", "reference_id": "RHSA-2024:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4631", "reference_id": "RHSA-2024:4631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "reference_url": "https://usn.ubuntu.com/7106-1/", "reference_id": "USN-7106-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7106-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/519?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.80", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": 
"VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-xuma-qnw9-8bb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.80" }, { "url": "http://public2.vulnerablecode.io/api/packages/357?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { 
"vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/273?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11" } ], "aliases": [ "CVE-2023-41080", "GHSA-q3mw-pvr8-9ggc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyc3-3cnp-wqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16010?format=api", "vulnerability_id": "VCID-v5zf-qfdq-kbbp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.53163", "scoring_system": "epss", "scoring_elements": "0.98026", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.53163", "scoring_system": "epss", "scoring_elements": "0.98033", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b" }, { "reference_url": "https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd" }, { "reference_url": "https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642" }, { "reference_url": "https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589" }, { "reference_url": 
"https://security.netapp.com/advisory/ntap-20231214-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0009" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/28/2", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/28/2" }, { "reference_url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr", "reference_id": "0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/" } ], "url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082", "reference_id": "1057082", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/11/28/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/11/28/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252050", "reference_id": "2252050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589", "reference_id": "CVE-2023-46589", "reference_type": "", "scores": [ { "value": "Important", 
"scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589" }, { "reference_url": "https://github.com/advisories/GHSA-fccv-jmmp-qg76", "reference_id": "GHSA-fccv-jmmp-qg76", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fccv-jmmp-qg76" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0532", "reference_id": "RHSA-2024:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0539", "reference_id": "RHSA-2024:0539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1092", "reference_id": "RHSA-2024:1092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1134", "reference_id": "RHSA-2024:1134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1318", "reference_id": "RHSA-2024:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1319", "reference_id": "RHSA-2024:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1324", "reference_id": "RHSA-2024:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1325", "reference_id": "RHSA-2024:1325", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2024:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3354", "reference_id": "RHSA-2024:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3354" }, { "reference_url": "https://usn.ubuntu.com/7032-1/", "reference_id": "USN-7032-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7032-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/470?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.83", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83" }, { "url": "http://public2.vulnerablecode.io/api/packages/354?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": 
"VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/273?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-1weg-s38v-nkh9" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11" }, { "url": "http://public2.vulnerablecode.io/api/packages/256?format=api", 
"purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-8zsm-8skx-dfha" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-nctp-shgj-sfgh" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uqgg-5gr8-sfgg" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1" } ], "aliases": [ "CVE-2023-46589", "GHSA-fccv-jmmp-qg76" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v5zf-qfdq-kbbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9437?format=api", "vulnerability_id": "VCID-vfh6-rc99-e3bf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30640", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31153", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30957", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30640" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100" }, { "reference_url": "https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f" }, { "reference_url": "https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c" }, { "reference_url": "https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0" }, { "reference_url": "https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945" }, { "reference_url": 
"https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7" }, { "reference_url": "https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe" }, { "reference_url": "https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38" }, { "reference_url": "https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434" }, { "reference_url": "https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b" }, { "reference_url": "https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89" }, { "reference_url": "https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56" }, { "reference_url": "https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375" }, { 
"reference_url": "https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43" }, { "reference_url": "https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b" }, { "reference_url": "https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef" }, { "reference_url": "https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb" }, { "reference_url": "https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e" }, { "reference_url": "https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822" }, { "reference_url": "https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972" }, { "reference_url": "https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667" }, { "reference_url": "https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9" }, { "reference_url": "https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862" }, { "reference_url": "https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51" }, { "reference_url": "https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6" }, { "reference_url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210827-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210827-0007/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4952", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4952" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4986", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544", "reference_id": "1981544", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1981544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046", "reference_id": "991046", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640", "reference_id": "CVE-2021-30640", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640" }, { "reference_url": "https://github.com/advisories/GHSA-36qh-35cm-5w2w", "reference_id": "GHSA-36qh-35cm-5w2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36qh-35cm-5w2w" }, { "reference_url": "https://security.gentoo.org/glsa/202208-34", "reference_id": "GLSA-202208-34", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4861", "reference_id": "RHSA-2021:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4863", "reference_id": "RHSA-2021:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/568?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/565?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { 
"vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-64zy-xgrf-eba1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/426?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/423?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.6", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-64zy-xgrf-eba1" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.6" } ], "aliases": [ "CVE-2021-30640", "GHSA-36qh-35cm-5w2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfh6-rc99-e3bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28351?format=api", "vulnerability_id": "VCID-vnfg-9em7-u7ee", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22184", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22375", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34487" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150" }, { "reference_url": "https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d" }, { "reference_url": "https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34487" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/28" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356", "reference_id": "1133356", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357", "reference_id": "1133357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457038", "reference_id": "2457038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457038" }, { "reference_url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h", "reference_id": "4xpkwolpkrj8v5xzp5nyovtlqp3y850h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/" } ], "url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487", "reference_id": "CVE-2026-34487", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487" }, { "reference_url": "https://github.com/advisories/GHSA-x4m4-345f-5h5g", "reference_id": "GHSA-x4m4-345f-5h5g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4m4-345f-5h5g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20405", "reference_id": "RHSA-2026:20405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20406", "reference_id": "RHSA-2026:20406", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2026:20406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/449?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.117", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117" }, { "url": "http://public2.vulnerablecode.io/api/packages/291?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/215?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@11.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21" } ], "aliases": [ "CVE-2026-34487", "GHSA-x4m4-345f-5h5g" ], "risk_score": 4.0, "exploitability": "0.5", 
"weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnfg-9em7-u7ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12583?format=api", "vulnerability_id": "VCID-x7wn-uamc-6bg5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.75966", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00889", "scoring_system": "epss", "scoring_elements": "0.76038", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf" }, { "reference_url": "https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa" }, { "reference_url": "https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45143" }, { "reference_url": "https://security.gentoo.org/glsa/202305-37", "reference_id": "202305-37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/" } ], "url": 
"https://security.gentoo.org/glsa/202305-37" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", "reference_id": "2158695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143", "reference_id": "CVE-2022-45143", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143" }, { "reference_url": "https://github.com/advisories/GHSA-rq2w-37h9-vg94", "reference_id": "GHSA-rq2w-37h9-vg94", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rq2w-37h9-vg94" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1663", "reference_id": "RHSA-2023:1663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1664", "reference_id": "RHSA-2023:1664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3954", "reference_id": "RHSA-2023:3954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4612", "reference_id": "RHSA-2023:4612", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4612" }, { "reference_url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", "reference_id": "yqkd183xrw3wqvnpcg3osbcryq85fkzj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/" } ], "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.69", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.69" }, { "url": "http://public2.vulnerablecode.io/api/packages/376?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" 
}, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bwh8-tmf1-8uac" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-n4qq-m1x3-qkbz" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.2" } ], "aliases": [ "CVE-2022-45143", "GHSA-rq2w-37h9-vg94" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7wn-uamc-6bg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18189?format=api", "vulnerability_id": "VCID-yjb8-hdqu-4fe5", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2024-21733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70951", "scoring_system": "epss", "scoring_elements": "0.98731", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.70951", "scoring_system": "epss", "scoring_elements": "0.98726", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21733" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a" }, { "reference_url": "https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240216-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240216-0005" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/19/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204", "reference_id": "2259204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733", "reference_id": "CVE-2024-21733", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733", "reference_id": "CVE-2024-21733", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733" }, { "reference_url": "https://github.com/advisories/GHSA-f4qf-m5gf-8jm8", "reference_id": "GHSA-f4qf-m5gf-8jm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4qf-m5gf-8jm8" }, { "reference_url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz", "reference_id": "h9bjqdd0odj6lhs2o96qgowcc6hb0cfz", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T16:09:11Z/" } ], "url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2707", "reference_id": "RHSA-2024:2707", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3354", "reference_id": "RHSA-2024:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3354" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/570?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ndb1-hdsw-v7fq" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44" } ], "aliases": [ "CVE-2024-21733", "GHSA-f4qf-m5gf-8jm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjb8-hdqu-4fe5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8002?format=api", "vulnerability_id": "VCID-nj9t-gdm3-6ycn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10506", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.10506", "scoring_system": "epss", "scoring_elements": "0.93446", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17527" }, { "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=64830", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=64830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29" }, { "reference_url": "https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb" }, { "reference_url": "https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65" }, { "reference_url": "https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": 
"https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": 
"https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201210-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20201210-0003" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4835", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4835" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/03/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904221", "reference_id": "1904221", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904221" }, { "reference_url": "https://security.archlinux.org/ASA-202012-3", "reference_id": "ASA-202012-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-3" }, { "reference_url": "https://security.archlinux.org/AVG-1317", "reference_id": "AVG-1317", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527", 
"reference_id": "CVE-2020-17527", "reference_type": "", "scores": [ { "value": "Moderate", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17527", "reference_id": "CVE-2020-17527", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17527" }, { "reference_url": "https://github.com/advisories/GHSA-vvw4-rfwf-p6hx", "reference_id": "GHSA-vvw4-rfwf-p6hx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvw4-rfwf-p6hx" }, { "reference_url": "https://security.gentoo.org/glsa/202012-23", "reference_id": "GLSA-202012-23", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202012-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0494", "reference_id": "RHSA-2021:0494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0495", "reference_id": "RHSA-2021:0495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4012", "reference_id": "RHSA-2021:4012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": 
"RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://usn.ubuntu.com/5360-1/", "reference_id": "USN-5360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5360-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/710?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.60", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qxfb-yg6b-nfda" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60" }, { "url": "http://public2.vulnerablecode.io/api/packages/460?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": 
[ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/414?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bbye-dcrb-t3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10" }, { "url": "http://public2.vulnerablecode.io/api/packages/432?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hmq-5245-jyaf" }, { 
"vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.2" } ], "aliases": [ "CVE-2020-17527", "GHSA-vvw4-rfwf-p6hx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nj9t-gdm3-6ycn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9170?format=api", "vulnerability_id": "VCID-qvgx-r4rr-xugp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-24122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.61383", "scoring_system": "epss", "scoring_elements": "0.98357", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.61383", "scoring_system": "epss", "scoring_elements": "0.98352", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-24122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2" }, { "reference_url": "https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177" }, { "reference_url": "https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9" }, { "reference_url": "https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533" }, { "reference_url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E" }, { "reference_url": 
"https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24122" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210212-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210212-0008" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "https://tomcat.apache.org/security-8.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-8.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/01/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/01/14/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917209", "reference_id": "1917209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917209" }, { "reference_url": "https://security.archlinux.org/AVG-1452", "reference_id": "AVG-1452", "reference_type": "", "scores": [ { 
"value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122", "reference_id": "CVE-2021-24122", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122" }, { "reference_url": "https://github.com/advisories/GHSA-2rvv-w9r2-rg7m", "reference_id": "GHSA-2rvv-w9r2-rg7m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rvv-w9r2-rg7m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0494", "reference_id": "RHSA-2021:0494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0495", "reference_id": "RHSA-2021:0495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/883?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@7.0.107", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" 
}, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-n5t6-xtd3-hfa7" }, { "vulnerability": "VCID-nz4k-nfug-tufw" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-yg5s-2fsb-gub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.107" }, { "url": "http://public2.vulnerablecode.io/api/packages/710?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.60", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-m3py-3ba2-jkg7" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-qxfb-yg6b-nfda" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/460?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sq-3qm1-kqb2" }, { "vulnerability": "VCID-2hmq-5245-jyaf" }, { "vulnerability": "VCID-2n2k-sh22-fkfw" }, { "vulnerability": "VCID-3kn9-yxww-ryh4" }, { "vulnerability": "VCID-63vc-sc11-8kf1" }, { "vulnerability": "VCID-697g-gcg9-zyaa" }, { "vulnerability": "VCID-6kab-xsqw-37ed" }, { "vulnerability": "VCID-6wqu-jupw-tyhu" }, { "vulnerability": "VCID-7wr9-uez1-8bdg" }, { "vulnerability": "VCID-97et-ubnp-wqcy" }, { "vulnerability": "VCID-9xyf-k9wq-g7b9" }, { "vulnerability": "VCID-bbye-dcrb-t3ev" }, { "vulnerability": "VCID-dhxd-kknv-9qb7" }, { "vulnerability": "VCID-dj7q-4map-ebg4" }, { "vulnerability": "VCID-dx14-ejnx-37ad" }, { "vulnerability": "VCID-hv33-kv9q-gugf" }, { "vulnerability": "VCID-hvgr-azs4-qqac" }, { "vulnerability": "VCID-keh1-ycs9-ybdd" }, { "vulnerability": "VCID-ngy5-k9cv-rkbn" }, { "vulnerability": "VCID-p4j1-xp15-t3b8" }, { "vulnerability": "VCID-r9fd-ndvw-ekfa" }, { "vulnerability": "VCID-s2kf-jwgc-pfas" }, { "vulnerability": "VCID-t8tc-zb3w-57gv" }, { "vulnerability": "VCID-tvrz-n2kd-pba4" }, { "vulnerability": "VCID-uyc3-3cnp-wqf3" }, { "vulnerability": "VCID-v5zf-qfdq-kbbp" }, { "vulnerability": "VCID-vfh6-rc99-e3bf" }, { "vulnerability": "VCID-vnfg-9em7-u7ee" }, { "vulnerability": "VCID-x7wn-uamc-6bg5" }, { "vulnerability": "VCID-yjb8-hdqu-4fe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/414?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bbye-dcrb-t3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10" } ], "aliases": [ "CVE-2021-24122", "GHSA-2rvv-w9r2-rg7m" ], 
"risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvgx-r4rr-xugp" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40" }