Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/coyote@8.5.78

Type maven

Namespace org.apache.tomcat

Name coyote

Version 8.5.78

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-9awt-9zjq-yucn

vulnerability_id VCID-9awt-9zjq-yucn

summary

Uncontrolled Resource Consumption
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

references

reference_url	https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv
reference_id
reference_type
scores
url	https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29885
reference_id	CVE-2022-29885
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29885

fixed_packages

aliases CVE-2022-29885

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9awt-9zjq-yucn

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/coyote@8.5.78

Package Instance