Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6pm1-byhk-eqfg

Summary The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Aliases

alias	CVE-2022-23181

alias	GHSA-9f3j-pm6f-9fm5

Fixed_packages

url pkg:apache/tomcat@8.5.75

purl pkg:apache/tomcat@8.5.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ayrd-8ntf-hkh3

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.75

url	pkg:apache/tomcat@9.0.58
purl	pkg:apache/tomcat@9.0.58
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.58

url	pkg:apache/tomcat@10.0.16
purl	pkg:apache/tomcat@10.0.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.16

url	pkg:apache/tomcat@10.1.0-M10
purl	pkg:apache/tomcat@10.1.0-M10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M10

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u4?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u4%3Fdistro=trixie

url pkg:deb/debian/tomcat9@9.0.43-2~deb11u10

purl pkg:deb/debian/tomcat9@9.0.43-2~deb11u10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.58-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.58-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.58-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@8.5.75

purl pkg:maven/org.apache.tomcat/tomcat@8.5.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.75

url pkg:maven/org.apache.tomcat/tomcat@9.0.58

purl pkg:maven/org.apache.tomcat/tomcat@9.0.58

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-stds-vw5z-auhp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.58

url pkg:maven/org.apache.tomcat/tomcat@10.0.16

purl pkg:maven/org.apache.tomcat/tomcat@10.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.16

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M10

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M10

Affected_packages

url pkg:apache/tomcat@8.5.55

purl pkg:apache/tomcat@8.5.55

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.55

url pkg:apache/tomcat@8.5.73

purl pkg:apache/tomcat@8.5.73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.73

url pkg:apache/tomcat@9.0.35

purl pkg:apache/tomcat@9.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.35

url pkg:apache/tomcat@9.0.56

purl pkg:apache/tomcat@9.0.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.56

url pkg:apache/tomcat@10.0.0-M5

purl pkg:apache/tomcat@10.0.0-M5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.0-M5

url pkg:apache/tomcat@10.0.14

purl pkg:apache/tomcat@10.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.14

url pkg:apache/tomcat@10.1.0-M1

purl pkg:apache/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wptr-hkjx-s7c3

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M1

url pkg:apache/tomcat@10.1.0-M8

purl pkg:apache/tomcat@10.1.0-M8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M8

url pkg:deb/debian/tomcat9@9.0.31-1~deb10u6

purl pkg:deb/debian/tomcat9@9.0.31-1~deb10u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzan-r49k-kqab

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wgsc-dnn1-ukeq

vulnerability	VCID-wptr-hkjx-s7c3

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-xt59-cnmj-2bf8

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-z2pq-cv2w-nfdk

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6

url pkg:maven/org.apache.tomcat/tomcat@8.5.55

purl pkg:maven/org.apache.tomcat/tomcat@8.5.55

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.55

url pkg:maven/org.apache.tomcat/tomcat@8.5.73

purl pkg:maven/org.apache.tomcat/tomcat@8.5.73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.73

url pkg:maven/org.apache.tomcat/tomcat@9.0.0

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dtvw-92bk-wbcf

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-qbfw-16rt-qyc7

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0

url pkg:maven/org.apache.tomcat/tomcat@9.0.35

purl pkg:maven/org.apache.tomcat/tomcat@9.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.35

url pkg:maven/org.apache.tomcat/tomcat@9.0.56

purl pkg:maven/org.apache.tomcat/tomcat@9.0.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-stds-vw5z-auhp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.56

url pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-dzan-r49k-kqab

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5

url pkg:maven/org.apache.tomcat/tomcat@10.0.0

purl pkg:maven/org.apache.tomcat/tomcat@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0

url pkg:maven/org.apache.tomcat/tomcat@10.0.14

purl pkg:maven/org.apache.tomcat/tomcat@10.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.14

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-3vdn-j7sj-dfdn

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-8mns-kw6c-a7dk

vulnerability	VCID-8myk-ac5b-huh8

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-cfhw-vmcp-y3bc

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-p8q2-pt96-5ye8

vulnerability	VCID-qkx6-32cj-jfbp

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-stds-vw5z-auhp

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wptr-hkjx-s7c3

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-8war-4v58-eub2

vulnerability	VCID-wptr-hkjx-s7c3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8

url pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el8jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-j8tk-s915-pbfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1%3Farch=el8jws

url pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el9jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-j8tk-s915-pbfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1%3Farch=el9jws

url pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el7jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el7jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pm1-byhk-eqfg

vulnerability	VCID-j8tk-s915-pbfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1%3Farch=el7jws

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23181

reference_id

reference_type

scores

value	0.00217
scoring_system	epss
scoring_elements	0.44322
published_at	2026-04-16T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44263
published_at	2026-04-13T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44296
published_at	2026-04-11T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44278
published_at	2026-04-09T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44273
published_at	2026-04-08T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44221
published_at	2026-04-07T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44288
published_at	2026-04-04T12:55:00Z

value	0.00217
scoring_system	epss
scoring_elements	0.44265
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23181

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1

reference_url	https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e

reference_url	https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754

reference_url	https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530

reference_url

https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

reference_url

https://security.netapp.com/advisory/ntap-20220217-0010

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220217-0010

reference_url	https://security.netapp.com/advisory/ntap-20220217-0010/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220217-0010/

reference_url

https://www.debian.org/security/2022/dsa-5265

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5265

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2047417
reference_id	2047417
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2047417

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181

reference_id

CVE-2022-23181

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23181

reference_id

CVE-2022-23181

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23181

reference_url

https://github.com/advisories/GHSA-9f3j-pm6f-9fm5

reference_id

GHSA-9f3j-pm6f-9fm5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9f3j-pm6f-9fm5

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:7272
reference_id	RHSA-2022:7272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7272

reference_url	https://access.redhat.com/errata/RHSA-2022:7273
reference_id	RHSA-2022:7273
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7273

reference_url	https://access.redhat.com/errata/RHSA-2023:0272
reference_id	RHSA-2023:0272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0272

reference_url	https://usn.ubuntu.com/6943-1/
reference_id	USN-6943-1
reference_type
scores
url	https://usn.ubuntu.com/6943-1/

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	367
name	Time-of-check Time-of-use (TOCTOU) Race Condition
description	The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pm1-byhk-eqfg

Vulnerability Instance