Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/tomcat@10.1.0-M10
Typeapache
Namespace
Nametomcat
Version10.1.0-M10
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version10.1.0-M15
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6pm1-byhk-eqfg
vulnerability_id VCID-6pm1-byhk-eqfg
summary The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23181
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44322
published_at 2026-04-16T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44263
published_at 2026-04-13T12:55:00Z
2
value 0.00217
scoring_system epss
scoring_elements 0.44296
published_at 2026-04-11T12:55:00Z
3
value 0.00217
scoring_system epss
scoring_elements 0.44278
published_at 2026-04-09T12:55:00Z
4
value 0.00217
scoring_system epss
scoring_elements 0.44273
published_at 2026-04-08T12:55:00Z
5
value 0.00217
scoring_system epss
scoring_elements 0.44221
published_at 2026-04-07T12:55:00Z
6
value 0.00217
scoring_system epss
scoring_elements 0.44288
published_at 2026-04-04T12:55:00Z
7
value 0.00217
scoring_system epss
scoring_elements 0.44265
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23181
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1
5
reference_url https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
6
reference_url https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754
7
reference_url https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
8
reference_url https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
9
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
10
reference_url https://security.netapp.com/advisory/ntap-20220217-0010
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220217-0010
11
reference_url https://security.netapp.com/advisory/ntap-20220217-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220217-0010/
12
reference_url https://www.debian.org/security/2022/dsa-5265
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5265
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2047417
reference_id 2047417
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2047417
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181
reference_id CVE-2022-23181
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23181
reference_id CVE-2022-23181
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23181
18
reference_url https://github.com/advisories/GHSA-9f3j-pm6f-9fm5
reference_id GHSA-9f3j-pm6f-9fm5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f3j-pm6f-9fm5
19
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
20
reference_url https://access.redhat.com/errata/RHSA-2022:7272
reference_id RHSA-2022:7272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7272
21
reference_url https://access.redhat.com/errata/RHSA-2022:7273
reference_id RHSA-2022:7273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7273
22
reference_url https://access.redhat.com/errata/RHSA-2023:0272
reference_id RHSA-2023:0272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0272
23
reference_url https://usn.ubuntu.com/6943-1/
reference_id USN-6943-1
reference_type
scores
url https://usn.ubuntu.com/6943-1/
fixed_packages
0
url pkg:apache/tomcat@8.5.75
purl pkg:apache/tomcat@8.5.75
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ayrd-8ntf-hkh3
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.75
1
url pkg:apache/tomcat@9.0.58
purl pkg:apache/tomcat@9.0.58
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.58
2
url pkg:apache/tomcat@10.0.16
purl pkg:apache/tomcat@10.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.16
3
url pkg:apache/tomcat@10.1.0-M10
purl pkg:apache/tomcat@10.1.0-M10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M10
aliases CVE-2022-23181, GHSA-9f3j-pm6f-9fm5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pm1-byhk-eqfg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M10