Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36

Type maven

Namespace org.apache.tomcat.embed

Name tomcat-embed-core

Version 9.0.36

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.0.37

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-jbh7-zmq6-bfgs

vulnerability_id VCID-jbh7-zmq6-bfgs

summary denial of service

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10332
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10332

reference_url	https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html

reference_url	https://security.netapp.com/advisory/ntap-20200724-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200724-0003/

reference_url	https://usn.ubuntu.com/4448-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4448-1/

reference_url	https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4596-1/

reference_url	https://www.debian.org/security/2020/dsa-4727
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4727

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2021.html

reference_url	https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2022.html

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://security.archlinux.org/AVG-1205

reference_id

AVG-1205

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1205

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-13935
reference_id	CVE-2020-13935
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-13935

reference_url	https://github.com/advisories/GHSA-m7jv-hq7h-mq7c
reference_id	GHSA-m7jv-hq7h-mq7c
reference_type
scores
url	https://github.com/advisories/GHSA-m7jv-hq7h-mq7c

fixed_packages

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.104
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.104
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.104

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36

aliases CVE-2020-13935, GHSA-m7jv-hq7h-mq7c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbh7-zmq6-bfgs

url VCID-qth9-7326-hffp

vulnerability_id VCID-qth9-7326-hffp

summary

Uncontrolled Resource Consumption in Apache Tomcat
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html

reference_url	https://security.netapp.com/advisory/ntap-20200709-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200709-0002/

reference_url	https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4596-1/

reference_url	https://www.debian.org/security/2020/dsa-4727
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4727

reference_url	https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2021.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-11996
reference_id	CVE-2020-11996
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-11996

reference_url	https://github.com/advisories/GHSA-53hp-jpwq-2jgq
reference_id	GHSA-53hp-jpwq-2jgq
reference_type
scores
url	https://github.com/advisories/GHSA-53hp-jpwq-2jgq

fixed_packages

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36

aliases CVE-2020-11996, GHSA-53hp-jpwq-2jgq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qth9-7326-hffp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36

Package Instance