Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/941319?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "tomcat10", "version": "10.1.34-0+deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "10.1.34-1", "latest_non_vulnerable_version": "10.1.54-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4439?format=api", "vulnerability_id": "VCID-3vdn-j7sj-dfdn", "summary": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60806", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60814", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60801", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60828", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60779", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60822", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60798", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60812", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.6079", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60761", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.60731", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93" }, { "reference_url": "https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543" }, { "reference_url": "https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13" }, { "reference_url": "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/" } ], "url": "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38286" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241101-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241101-0010" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/09/23/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/09/23/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", "reference_id": "2314686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286", "reference_id": "CVE-2024-38286", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286" }, { "reference_url": "https://github.com/advisories/GHSA-7jqf-v358-p8g7", "reference_id": "GHSA-7jqf-v358-p8g7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jqf-v358-p8g7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4976", "reference_id": "RHSA-2024:4976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4977", "reference_id": "RHSA-2024:4977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5024", "reference_id": "RHSA-2024:5024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5025", "reference_id": "RHSA-2024:5025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5693", "reference_id": "RHSA-2024:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5694", "reference_id": "RHSA-2024:5694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5695", "reference_id": "RHSA-2024:5695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5696", "reference_id": "RHSA-2024:5696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8494", "reference_id": "RHSA-2024:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8497", "reference_id": "RHSA-2024:8497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8528", "reference_id": "RHSA-2024:8528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8543", "reference_id": "RHSA-2024:8543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8567", "reference_id": "RHSA-2024:8567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8572", "reference_id": "RHSA-2024:8572", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8572" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941320?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.25-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941305?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941309?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941307?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941308?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066849?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-38286", "GHSA-7jqf-v358-p8g7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-j7sj-dfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4432?format=api", "vulnerability_id": "VCID-43j2-w5xt-43g9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11183", "scoring_system": "epss", "scoring_elements": "0.93469", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93642", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93602", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93604", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.9361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93611", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.9363", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93637", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93646", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11486", "scoring_system": "epss", "scoring_elements": "0.93644", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56337" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/" } ], "url": "https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56337", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56337" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250103-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250103-0002" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2024-50379", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333521", "reference_id": "2333521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337", "reference_id": "CVE-2024-56337", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337" }, { "reference_url": "https://github.com/advisories/GHSA-27hp-xhwr-wr2m", "reference_id": "GHSA-27hp-xhwr-wr2m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27hp-xhwr-wr2m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11332", "reference_id": "RHSA-2025:11332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11333", "reference_id": "RHSA-2025:11333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11334", "reference_id": "RHSA-2025:11334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11335", "reference_id": "RHSA-2025:11335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11381", "reference_id": "RHSA-2025:11381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11382", "reference_id": "RHSA-2025:11382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4521", "reference_id": "RHSA-2025:4521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4522", "reference_id": "RHSA-2025:4522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4522" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941305?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941321?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941309?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941307?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941308?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066849?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-56337", "GHSA-27hp-xhwr-wr2m" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43j2-w5xt-43g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4437?format=api", "vulnerability_id": "VCID-8mns-kw6c-a7dk", "summary": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01353", "scoring_system": "epss", "scoring_elements": "0.80071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01353", "scoring_system": "epss", "scoring_elements": "0.80109", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01353", "scoring_system": "epss", "scoring_elements": "0.8008", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01353", "scoring_system": "epss", "scoring_elements": "0.80092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01828", "scoring_system": "epss", "scoring_elements": "0.82936", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01828", "scoring_system": "epss", "scoring_elements": "0.82897", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01828", "scoring_system": "epss", "scoring_elements": "0.82901", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01828", "scoring_system": "epss", "scoring_elements": "0.82906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01828", "scoring_system": "epss", "scoring_elements": "0.8289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02463", "scoring_system": "epss", "scoring_elements": "0.85298", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02463", "scoring_system": "epss", "scoring_elements": "0.85299", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02463", "scoring_system": "epss", "scoring_elements": "0.85291", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02463", "scoring_system": "epss", "scoring_elements": "0.85267", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14" }, { "reference_url": "https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223" }, { "reference_url": "https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369" }, { "reference_url": "https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/" } ], "url": "https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52316", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52316" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250124-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250124-0003" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/11/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/11/18/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326972", "reference_id": "2326972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316", "reference_id": "CVE-2024-52316", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316" }, { "reference_url": "https://github.com/advisories/GHSA-xcpr-7mr4-h4xq", "reference_id": "GHSA-xcpr-7mr4-h4xq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xcpr-7mr4-h4xq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3608", "reference_id": "RHSA-2025:3608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3609", "reference_id": "RHSA-2025:3609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7497", "reference_id": "RHSA-2025:7497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7497" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941322?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.31-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.31-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941305?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941309?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941307?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941308?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066849?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-52316", "GHSA-xcpr-7mr4-h4xq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-kw6c-a7dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4438?format=api", "vulnerability_id": "VCID-8myk-ac5b-huh8", "summary": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95025", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95019", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95015", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95007", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95004", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17245", "scoring_system": "epss", "scoring_elements": "0.95002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21539", "scoring_system": "epss", "scoring_elements": "0.95727", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.21539", "scoring_system": "epss", "scoring_elements": "0.95733", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.21539", "scoring_system": "epss", "scoring_elements": "0.95732", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.21539", "scoring_system": "epss", "scoring_elements": "0.9573", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2" }, { "reference_url": "https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3" }, { "reference_url": "https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f" }, { "reference_url": "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:51:20Z/" } ], "url": "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34750" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240816-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240816-0004" }, { "reference_url": "https://tomcat.apache.org/security-10.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html" }, { "reference_url": "https://tomcat.apache.org/security-11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html" }, { "reference_url": "https://tomcat.apache.org/security-9.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", "reference_id": "2295651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750", "reference_id": "CVE-2024-34750", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750" }, { "reference_url": "https://github.com/advisories/GHSA-wm9w-rjj3-j356", "reference_id": "GHSA-wm9w-rjj3-j356", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm9w-rjj3-j356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4976", "reference_id": "RHSA-2024:4976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4977", "reference_id": "RHSA-2024:4977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5024", "reference_id": "RHSA-2024:5024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5025", "reference_id": "RHSA-2024:5025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5693", "reference_id": "RHSA-2024:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5694", "reference_id": "RHSA-2024:5694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5695", "reference_id": "RHSA-2024:5695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5696", "reference_id": "RHSA-2024:5696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5696" }, { "reference_url": "https://usn.ubuntu.com/7562-1/", "reference_id": "USN-7562-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7562-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941320?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.25-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.25-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941305?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941309?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941307?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941308?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066849?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-34750", "GHSA-wm9w-rjj3-j356" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8myk-ac5b-huh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4433?format=api", "vulnerability_id": "VCID-gvhy-d4gm-57d3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79223", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79206", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79199", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79165", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79169", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79152", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79167", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.7911", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79125", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01228", "scoring_system": "epss", "scoring_elements": "0.79098", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54677" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd" }, { "reference_url": "https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d" }, { "reference_url": "https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4" }, { "reference_url": "https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a" }, { "reference_url": "https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746" }, { "reference_url": "https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd" }, { "reference_url": "https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c" }, { "reference_url": "https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1" }, { "reference_url": "https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc" }, { "reference_url": "https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654" }, { "reference_url": "https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e" }, { "reference_url": "https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533" }, { "reference_url": "https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a" }, { "reference_url": "https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1" }, { "reference_url": "https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408" }, { "reference_url": "https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66" }, { "reference_url": "https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a" }, { "reference_url": "https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044" }, { "reference_url": "https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213" }, { "reference_url": "https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb" }, { "reference_url": "https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444" }, { "reference_url": "https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585" }, { "reference_url": "https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4" }, { "reference_url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/" } ], "url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54677" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250131-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250131-0006" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/17/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/17/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/18/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332815", "reference_id": "2332815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677", "reference_id": "CVE-2024-54677", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677" }, { "reference_url": "https://github.com/advisories/GHSA-653p-vg55-5652", "reference_id": "GHSA-653p-vg55-5652", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-653p-vg55-5652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7497", "reference_id": "RHSA-2025:7497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7497" }, { "reference_url": "https://usn.ubuntu.com/7705-1/", "reference_id": "USN-7705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7705-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941305?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941321?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941309?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941307?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941308?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066849?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-54677", "GHSA-653p-vg55-5652" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvhy-d4gm-57d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4434?format=api", "vulnerability_id": "VCID-v8ku-sjc8-wfga", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8616", "scoring_system": "epss", "scoring_elements": "0.99403", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.8616", "scoring_system": "epss", "scoring_elements": "0.99402", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99411", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99416", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99409", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99408", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.9941", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99417", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.86495", "scoring_system": "epss", "scoring_elements": "0.99413", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.87447", "scoring_system": "epss", "scoring_elements": "0.99451", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50379" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f" }, { "reference_url": "https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00" }, { "reference_url": "https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41" }, { "reference_url": "https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842" }, { "reference_url": "https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2" }, { "reference_url": "https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c" }, { "reference_url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-17T16:54:54Z/" } ], "url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250103-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250103-0003" }, { "reference_url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34" }, { "reference_url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2" }, { "reference_url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/17/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/17/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/18/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817", "reference_id": "2332817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379", "reference_id": "CVE-2024-50379", "reference_type": "", "scores": [ { "value": "Important", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379" }, { "reference_url": "https://github.com/advisories/GHSA-5j33-cvvr-w245", "reference_id": "GHSA-5j33-cvvr-w245", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5j33-cvvr-w245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0342", "reference_id": "RHSA-2025:0342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0343", "reference_id": "RHSA-2025:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0361", "reference_id": "RHSA-2025:0361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0362", "reference_id": "RHSA-2025:0362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1920", "reference_id": "RHSA-2025:1920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3645", "reference_id": "RHSA-2025:3645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3646", "reference_id": "RHSA-2025:3646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3647", "reference_id": "RHSA-2025:3647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3683", "reference_id": "RHSA-2025:3683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3684", "reference_id": "RHSA-2025:3684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3684" }, { "reference_url": "https://usn.ubuntu.com/7705-1/", "reference_id": "USN-7705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7705-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941319?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941305?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941321?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941309?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941307?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941308?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066849?format=api", "purl": "pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-50379", "GHSA-5j33-cvvr-w245" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v8ku-sjc8-wfga" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u1%3Fdistro=trixie" }