Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/4456?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4456?format=api", "vulnerability_id": "VCID-6pm1-byhk-eqfg", "summary": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.", "aliases": [ { "alias": "CVE-2022-23181" }, { "alias": "GHSA-9f3j-pm6f-9fm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1032?format=api", "purl": "pkg:apache/tomcat@8.5.75", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.75" }, { "url": "http://public2.vulnerablecode.io/api/packages/886?format=api", "purl": "pkg:apache/tomcat@9.0.58", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.58" }, { "url": "http://public2.vulnerablecode.io/api/packages/744?format=api", "purl": "pkg:apache/tomcat@10.0.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/749?format=api", "purl": "pkg:apache/tomcat@10.1.0-M10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M10" }, { "url": "http://public2.vulnerablecode.io/api/packages/941356?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.43-2~deb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049133?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.43-2~deb11u10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e6p-cppr-2bh2" }, { "vulnerability": "VCID-246u-a4rh-yyd4" }, { "vulnerability": "VCID-2kku-pzer-9ufv" }, { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-2x6a-3gh1-rkhs" }, { "vulnerability": "VCID-2zq1-na8s-mfdd" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-3vdn-j7sj-dfdn" }, { "vulnerability": "VCID-43j2-w5xt-43g9" }, { "vulnerability": "VCID-4cag-c4pb-dfaz" }, { "vulnerability": "VCID-5sgv-7nsz-5fa8" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-8mns-kw6c-a7dk" }, { "vulnerability": "VCID-8myk-ac5b-huh8" }, { "vulnerability": "VCID-8war-4v58-eub2" }, { "vulnerability": "VCID-9kfe-1esf-uydm" }, { "vulnerability": "VCID-cfhw-vmcp-y3bc" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-gb2v-96xj-ybad" }, { "vulnerability": "VCID-gvhy-d4gm-57d3" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-k59r-wjt3-wqe5" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-kukv-k3z7-7fgs" }, { "vulnerability": "VCID-maw6-4qs5-ykae" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-sr8e-w1qk-r7fz" }, { "vulnerability": "VCID-v8ku-sjc8-wfga" }, { "vulnerability": "VCID-xqjr-7xfw-mbh2" }, { "vulnerability": "VCID-y9ne-rw7e-vugf" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/941336?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941357?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.58-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.58-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941334?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941338?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941337?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1034?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.75", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-g7bk-891a-uufy" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.75" }, { "url": "http://public2.vulnerablecode.io/api/packages/889?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.58", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.58" }, { "url": "http://public2.vulnerablecode.io/api/packages/747?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/751?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8war-4v58-eub2" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M10" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036?format=api", "purl": "pkg:apache/tomcat@8.5.55", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037?format=api", "purl": "pkg:apache/tomcat@8.5.73", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.73" }, { "url": "http://public2.vulnerablecode.io/api/packages/884?format=api", "purl": "pkg:apache/tomcat@9.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/885?format=api", "purl": "pkg:apache/tomcat@9.0.56", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/742?format=api", "purl": "pkg:apache/tomcat@10.0.0-M5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.0-M5" }, { "url": "http://public2.vulnerablecode.io/api/packages/743?format=api", "purl": "pkg:apache/tomcat@10.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/642?format=api", "purl": "pkg:apache/tomcat@10.1.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e6p-cppr-2bh2" }, { "vulnerability": "VCID-246u-a4rh-yyd4" }, { "vulnerability": "VCID-2kku-pzer-9ufv" }, { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-2x6a-3gh1-rkhs" }, { "vulnerability": "VCID-3vdn-j7sj-dfdn" }, { "vulnerability": "VCID-43j2-w5xt-43g9" }, { "vulnerability": "VCID-4cag-c4pb-dfaz" }, { "vulnerability": "VCID-56jv-htmt-rkew" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-5sgv-7nsz-5fa8" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-8mns-kw6c-a7dk" }, { "vulnerability": "VCID-8myk-ac5b-huh8" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-cfhw-vmcp-y3bc" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-gb2v-96xj-ybad" }, { "vulnerability": "VCID-gvhy-d4gm-57d3" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k59r-wjt3-wqe5" }, { "vulnerability": "VCID-kukv-k3z7-7fgs" }, { "vulnerability": "VCID-maw6-4qs5-ykae" }, { "vulnerability": "VCID-n9yk-e49f-n7e7" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p6pa-f1fg-hbhg" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-rzj2-4kcj-43dq" }, { "vulnerability": "VCID-sr8e-w1qk-r7fz" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-v8ku-sjc8-wfga" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" }, { "vulnerability": "VCID-xqjr-7xfw-mbh2" }, { "vulnerability": "VCID-y9ne-rw7e-vugf" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M1" }, { "url": "http://public2.vulnerablecode.io/api/packages/748?format=api", "purl": "pkg:apache/tomcat@10.1.0-M8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049132?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.31-1~deb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e6p-cppr-2bh2" }, { "vulnerability": "VCID-246u-a4rh-yyd4" }, { "vulnerability": "VCID-2kku-pzer-9ufv" }, { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-2x6a-3gh1-rkhs" }, { "vulnerability": "VCID-2zq1-na8s-mfdd" }, { "vulnerability": "VCID-35xg-a746-5qgc" }, { "vulnerability": "VCID-3vdn-j7sj-dfdn" }, { "vulnerability": "VCID-43j2-w5xt-43g9" }, { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-4cag-c4pb-dfaz" }, { "vulnerability": "VCID-56jv-htmt-rkew" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-5sgv-7nsz-5fa8" }, { "vulnerability": "VCID-66kh-s6cr-tqf9" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-74tx-sx8a-guhs" }, { "vulnerability": "VCID-885s-t4dx-dybv" }, { "vulnerability": "VCID-8e1c-rbkg-v7c2" }, { "vulnerability": "VCID-8mns-kw6c-a7dk" }, { "vulnerability": "VCID-8myk-ac5b-huh8" }, { "vulnerability": "VCID-8war-4v58-eub2" }, { "vulnerability": "VCID-9kfe-1esf-uydm" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-cfhw-vmcp-y3bc" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-dzan-r49k-kqab" }, { "vulnerability": "VCID-dzpn-w4b3-vbcm" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-gb2v-96xj-ybad" }, { "vulnerability": "VCID-gvhy-d4gm-57d3" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k59r-wjt3-wqe5" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-kukv-k3z7-7fgs" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-maw6-4qs5-ykae" }, { "vulnerability": "VCID-n3ab-nk7c-hqc9" }, { "vulnerability": "VCID-n9yk-e49f-n7e7" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-nvbx-q971-skgm" }, { "vulnerability": "VCID-p6pa-f1fg-hbhg" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-rq42-qvsy-hue6" }, { "vulnerability": "VCID-rsxs-u5cc-rkgj" }, { "vulnerability": "VCID-ruuh-g3fa-m7d8" }, { "vulnerability": "VCID-rzj2-4kcj-43dq" }, { "vulnerability": "VCID-sr8e-w1qk-r7fz" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-t2ne-75ck-eqcr" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-v8ku-sjc8-wfga" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wgsc-dnn1-ukeq" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" }, { "vulnerability": "VCID-xqjr-7xfw-mbh2" }, { "vulnerability": "VCID-xt59-cnmj-2bf8" }, { "vulnerability": "VCID-y9ne-rw7e-vugf" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" }, { "vulnerability": "VCID-yrzk-1dbk-muhy" }, { "vulnerability": "VCID-z2pq-cv2w-nfdk" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.55", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-g7bk-891a-uufy" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.55" }, { "url": "http://public2.vulnerablecode.io/api/packages/1039?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.73", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-ayrd-8ntf-hkh3" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-g7bk-891a-uufy" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.73" }, { "url": "http://public2.vulnerablecode.io/api/packages/963?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sbh-sy57-3uez" }, { "vulnerability": "VCID-39e3-jfbg-s3hk" }, { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-4aaa-errb-2qdw" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-aeeu-fpay-wufz" }, { "vulnerability": "VCID-arkn-bca7-hqam" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dtvw-92bk-wbcf" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-e7kd-kk57-mkd6" }, { "vulnerability": "VCID-eb37-mkxf-7fgw" }, { "vulnerability": "VCID-enaj-f97c-jbh7" }, { "vulnerability": "VCID-f77q-v5xp-e7dy" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-m2zn-ja8d-7kg8" }, { "vulnerability": "VCID-n3zn-tuck-gkfe" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-qbfw-16rt-qyc7" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-vdnj-sqmx-e3ep" }, { "vulnerability": "VCID-xshb-a2kb-c7gs" }, { "vulnerability": "VCID-yfx4-4gsc-2kgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/887?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k9cg-ehdw-dbh6" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/888?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.56", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-stds-vw5z-auhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/745?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46bv-6b7y-3bca" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-a8gk-n8bq-87cp" }, { "vulnerability": "VCID-dzan-r49k-kqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5" }, { "url": "http://public2.vulnerablecode.io/api/packages/775?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66kh-s6cr-tqf9" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-dy6m-zt6r-9ubd" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-kwab-3s4q-eka4" }, { "vulnerability": "VCID-n3ab-nk7c-hqc9" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-ran8-rnqn-tkbc" }, { "vulnerability": "VCID-t2ne-75ck-eqcr" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/746?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/645?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e6p-cppr-2bh2" }, { "vulnerability": "VCID-246u-a4rh-yyd4" }, { "vulnerability": "VCID-2kku-pzer-9ufv" }, { "vulnerability": "VCID-2rmy-13ym-3bgm" }, { "vulnerability": "VCID-2x6a-3gh1-rkhs" }, { "vulnerability": "VCID-3vdn-j7sj-dfdn" }, { "vulnerability": "VCID-43j2-w5xt-43g9" }, { "vulnerability": "VCID-4cag-c4pb-dfaz" }, { "vulnerability": "VCID-56jv-htmt-rkew" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-5sgv-7nsz-5fa8" }, { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-8mns-kw6c-a7dk" }, { "vulnerability": "VCID-8myk-ac5b-huh8" }, { "vulnerability": "VCID-b3bb-9ajg-sfc9" }, { "vulnerability": "VCID-cfhw-vmcp-y3bc" }, { "vulnerability": "VCID-d1fm-vbd1-n7au" }, { "vulnerability": "VCID-fpgj-82wf-ykbw" }, { "vulnerability": "VCID-gb2v-96xj-ybad" }, { "vulnerability": "VCID-gvhy-d4gm-57d3" }, { "vulnerability": "VCID-gyed-x6s8-ybhr" }, { "vulnerability": "VCID-j6cj-ftyd-3ffa" }, { "vulnerability": "VCID-j8tk-s915-pbfy" }, { "vulnerability": "VCID-k59r-wjt3-wqe5" }, { "vulnerability": "VCID-kukv-k3z7-7fgs" }, { "vulnerability": "VCID-maw6-4qs5-ykae" }, { "vulnerability": "VCID-n9yk-e49f-n7e7" }, { "vulnerability": "VCID-nmq2-8ysj-4fbc" }, { "vulnerability": "VCID-p6pa-f1fg-hbhg" }, { "vulnerability": "VCID-p8q2-pt96-5ye8" }, { "vulnerability": "VCID-qkx6-32cj-jfbp" }, { "vulnerability": "VCID-rzj2-4kcj-43dq" }, { "vulnerability": "VCID-sr8e-w1qk-r7fz" }, { "vulnerability": "VCID-stds-vw5z-auhp" }, { "vulnerability": "VCID-v7tp-1t4h-zqeg" }, { "vulnerability": "VCID-v8ku-sjc8-wfga" }, { "vulnerability": "VCID-vsdf-4tfj-uybe" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" }, { "vulnerability": "VCID-xqjr-7xfw-mbh2" }, { "vulnerability": "VCID-y9ne-rw7e-vugf" }, { "vulnerability": "VCID-zw2q-kna8-mqcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1" }, { "url": "http://public2.vulnerablecode.io/api/packages/750?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-8war-4v58-eub2" }, { "vulnerability": "VCID-wptr-hkjx-s7c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8" }, { "url": "http://public2.vulnerablecode.io/api/packages/97811?format=api", "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el8jws", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-j8tk-s915-pbfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1%3Farch=el8jws" }, { "url": "http://public2.vulnerablecode.io/api/packages/97812?format=api", "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el9jws", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-j8tk-s915-pbfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1%3Farch=el9jws" }, { "url": "http://public2.vulnerablecode.io/api/packages/97808?format=api", "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1?arch=el7jws", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pm1-byhk-eqfg" }, { "vulnerability": "VCID-j8tk-s915-pbfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-9.redhat_00005.1%3Farch=el7jws" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44322", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44263", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44296", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44278", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44273", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44288", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44265", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23181" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/094800b12d6c958d7b4540372c5a95698658ada1" }, { "reference_url": "https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e" }, { "reference_url": "https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/70da1aaa51e0f9d088438e9d958812a144e12754" }, { "reference_url": "https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530" }, { "reference_url": "https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0010" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220217-0010/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5265", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5265" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047417", "reference_id": "2047417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181", "reference_id": "CVE-2022-23181", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "apache_tomcat", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23181", "reference_id": "CVE-2022-23181", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23181" }, { "reference_url": "https://github.com/advisories/GHSA-9f3j-pm6f-9fm5", "reference_id": "GHSA-9f3j-pm6f-9fm5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9f3j-pm6f-9fm5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7272", "reference_id": "RHSA-2022:7272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7273", "reference_id": "RHSA-2022:7273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0272", "reference_id": "RHSA-2023:0272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0272" }, { "reference_url": "https://usn.ubuntu.com/6943-1/", "reference_id": "USN-6943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6943-1/" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 367, "name": "Time-of-check Time-of-use (TOCTOU) Race Condition", "description": "The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "0.1 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pm1-byhk-eqfg" }