Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9qgr-t27j-y7d3

Summary

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests 
could lead to request and/or response mix-up between users.

This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.

Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

Aliases

alias	CVE-2024-52317

alias	GHSA-qvf5-hvjx-wm27

Fixed_packages

url pkg:apache/tomcat@9.0.96

purl pkg:apache/tomcat@9.0.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s24s-sbsx-b3f5

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.96

url pkg:apache/tomcat@10.1.31

purl pkg:apache/tomcat@10.1.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s24s-sbsx-b3f5

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.31

url pkg:apache/tomcat@11.0.0

purl pkg:apache/tomcat@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5732-xnx7-tkfy

vulnerability	VCID-s24s-sbsx-b3f5

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0

url	pkg:deb/debian/tomcat10@0?distro=trixie
purl	pkg:deb/debian/tomcat10@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@0%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.31-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.31-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.31-1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@0?distro=trixie
purl	pkg:deb/debian/tomcat9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@0%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@9.0.96

purl pkg:maven/org.apache.tomcat/tomcat@9.0.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-s24s-sbsx-b3f5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.96

url pkg:maven/org.apache.tomcat/tomcat@10.1.31

purl pkg:maven/org.apache.tomcat/tomcat@10.1.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-s24s-sbsx-b3f5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.31

url pkg:maven/org.apache.tomcat/tomcat@11.0.0

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5732-xnx7-tkfy

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-s24s-sbsx-b3f5

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0

url	pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.96
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.96
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.96

url	pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.31
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.31

url pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0

purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j6cj-ftyd-3ffa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.96

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.96

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.31

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.31

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0

Affected_packages

url pkg:apache/tomcat@9.0.92

purl pkg:apache/tomcat@9.0.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.92

url pkg:apache/tomcat@9.0.95

purl pkg:apache/tomcat@9.0.95

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.95

url pkg:apache/tomcat@10.1.27

purl pkg:apache/tomcat@10.1.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.27

url pkg:apache/tomcat@10.1.30

purl pkg:apache/tomcat@10.1.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.30

url pkg:apache/tomcat@11.0.0-M23

purl pkg:apache/tomcat@11.0.0-M23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M23

url pkg:apache/tomcat@11.0.0-M26

purl pkg:apache/tomcat@11.0.0-M26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M26

url pkg:maven/org.apache.tomcat/tomcat@9.0.92

purl pkg:maven/org.apache.tomcat/tomcat@9.0.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.92

url pkg:maven/org.apache.tomcat/tomcat@9.0.95

purl pkg:maven/org.apache.tomcat/tomcat@9.0.95

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.95

url pkg:maven/org.apache.tomcat/tomcat@10.1.27

purl pkg:maven/org.apache.tomcat/tomcat@10.1.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.27

url pkg:maven/org.apache.tomcat/tomcat@10.1.30

purl pkg:maven/org.apache.tomcat/tomcat@10.1.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.30

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M23

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M23

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M26

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M26

url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.92

purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.92

url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.93

purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.93

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.93

url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.94

purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.94

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.94

url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.95

purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.95

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.95

url pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.27

purl pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.27

url pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.28

purl pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.28

url pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.29

purl pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.29

url pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.30

purl pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.30

url pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M23

purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M23

url pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M24

purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M24

url pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M25

purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M25

url pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M26

purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0-M26

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.92

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.92

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.93

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.93

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.93

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.94

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.94

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.94

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.95

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.95

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.95

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.27

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.27

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.28

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.28

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.29

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.29

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.30

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.30

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M23

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M23

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M24

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-v7tp-1t4h-zqeg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M24

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M25

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-v7tp-1t4h-zqeg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M25

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M26

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9qgr-t27j-y7d3

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-v7tp-1t4h-zqeg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M26

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52317.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52317

reference_id

reference_type

scores

value	0.1665
scoring_system	epss
scoring_elements	0.94904
published_at	2026-04-02T12:55:00Z

value	0.1665
scoring_system	epss
scoring_elements	0.94917
published_at	2026-04-08T12:55:00Z

value	0.1665
scoring_system	epss
scoring_elements	0.94908
published_at	2026-04-07T12:55:00Z

value	0.1665
scoring_system	epss
scoring_elements	0.94906
published_at	2026-04-04T12:55:00Z

value	0.21066
scoring_system	epss
scoring_elements	0.95642
published_at	2026-04-09T12:55:00Z

value	0.21066
scoring_system	epss
scoring_elements	0.95657
published_at	2026-04-16T12:55:00Z

value	0.21066
scoring_system	epss
scoring_elements	0.95648
published_at	2026-04-13T12:55:00Z

value	0.21066
scoring_system	epss
scoring_elements	0.95646
published_at	2026-04-12T12:55:00Z

value	0.21066
scoring_system	epss
scoring_elements	0.95647
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b

reference_url

https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a

reference_url

https://github.com/apache/tomcat/commit/9e840ccacb40881c03a03b1e0746bfba7369b3bd

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/9e840ccacb40881c03a03b1e0746bfba7369b3bd

reference_url

https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-18T14:44:38Z/

url

https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52317

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52317

reference_url

https://security.netapp.com/advisory/ntap-20250124-0004

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250124-0004

reference_url

http://www.openwall.com/lists/oss-security/2024/11/18/3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/11/18/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2326973
reference_id	2326973
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2326973

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52317

reference_id

CVE-2024-52317

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52317

reference_url

https://github.com/advisories/GHSA-qvf5-hvjx-wm27

reference_id

GHSA-qvf5-hvjx-wm27

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qvf5-hvjx-wm27

reference_url	https://usn.ubuntu.com/7705-1/
reference_id	USN-7705-1
reference_type
scores
url	https://usn.ubuntu.com/7705-1/

Weaknesses

cwe_id	326
name	Inadequate Encryption Strength
description	The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qgr-t27j-y7d3

Vulnerability Instance