Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6kcx-vptm-zbds

Summary

Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, 
in progress refactoring that exposed a potential denial of service on 
Windows if a web application opened a stream for an uploaded file but 
failed to close the stream. The file would never be deleted from disk 
creating the possibility of an eventual denial of service due to the 
disk being full.

Other, EOL versions may also be affected.


Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Aliases

alias	CVE-2023-42794

alias	GHSA-jm7m-8jh6-29hp

Fixed_packages

url	pkg:apache/tomcat@8.5.94
purl	pkg:apache/tomcat@8.5.94
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.94

url	pkg:apache/tomcat@9.0.81
purl	pkg:apache/tomcat@9.0.81
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.81

url	pkg:deb/debian/tomcat10@0?distro=trixie
purl	pkg:deb/debian/tomcat10@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@0%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rmy-13ym-3bgm

vulnerability	VCID-35xg-a746-5qgc

vulnerability	VCID-74tx-sx8a-guhs

vulnerability	VCID-8e1c-rbkg-v7c2

vulnerability	VCID-d1fm-vbd1-n7au

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-rsxs-u5cc-rkgj

vulnerability	VCID-yrzk-1dbk-muhy

vulnerability	VCID-zw2q-kna8-mqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.52-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@0?distro=trixie
purl	pkg:deb/debian/tomcat9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@0%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@8.5.94

purl pkg:maven/org.apache.tomcat/tomcat@8.5.94

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.94

url pkg:maven/org.apache.tomcat/tomcat@9.0.81

purl pkg:maven/org.apache.tomcat/tomcat@9.0.81

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81

url pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.94

purl pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.94

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.94

url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.81

purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.81

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.81

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.94

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.94

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.94

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.81

Affected_packages

url pkg:apache/tomcat@8.5.85

purl pkg:apache/tomcat@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.85

url pkg:apache/tomcat@8.5.93

purl pkg:apache/tomcat@8.5.93

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-rzj2-4kcj-43dq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.93

url pkg:apache/tomcat@9.0.70

purl pkg:apache/tomcat@9.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-6kcx-vptm-zbds

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.70

url pkg:apache/tomcat@9.0.80

purl pkg:apache/tomcat@9.0.80

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-rzj2-4kcj-43dq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.80

url pkg:maven/org.apache.tomcat/coyote@8.5.85

purl pkg:maven/org.apache.tomcat/coyote@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/coyote@8.5.85

url pkg:maven/org.apache.tomcat/coyote@9.0.70

purl pkg:maven/org.apache.tomcat/coyote@9.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/coyote@9.0.70

url pkg:maven/org.apache.tomcat/tomcat@8.5.85

purl pkg:maven/org.apache.tomcat/tomcat@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.85

url pkg:maven/org.apache.tomcat/tomcat@8.5.86

purl pkg:maven/org.apache.tomcat/tomcat@8.5.86

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.86

url pkg:maven/org.apache.tomcat/tomcat@8.5.87

purl pkg:maven/org.apache.tomcat/tomcat@8.5.87

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.87

url pkg:maven/org.apache.tomcat/tomcat@8.5.88

purl pkg:maven/org.apache.tomcat/tomcat@8.5.88

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5732-xnx7-tkfy

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.88

url pkg:maven/org.apache.tomcat/tomcat@8.5.89

purl pkg:maven/org.apache.tomcat/tomcat@8.5.89

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.89

url pkg:maven/org.apache.tomcat/tomcat@8.5.90

purl pkg:maven/org.apache.tomcat/tomcat@8.5.90

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.90

url pkg:maven/org.apache.tomcat/tomcat@8.5.91

purl pkg:maven/org.apache.tomcat/tomcat@8.5.91

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.91

url pkg:maven/org.apache.tomcat/tomcat@8.5.92

purl pkg:maven/org.apache.tomcat/tomcat@8.5.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-j6cj-ftyd-3ffa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.92

url pkg:maven/org.apache.tomcat/tomcat@8.5.93

purl pkg:maven/org.apache.tomcat/tomcat@8.5.93

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-rzj2-4kcj-43dq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.93

url pkg:maven/org.apache.tomcat/tomcat@9.0.70

purl pkg:maven/org.apache.tomcat/tomcat@9.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.70

url pkg:maven/org.apache.tomcat/tomcat@9.0.71

purl pkg:maven/org.apache.tomcat/tomcat@9.0.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.71

url pkg:maven/org.apache.tomcat/tomcat@9.0.72

purl pkg:maven/org.apache.tomcat/tomcat@9.0.72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.72

url pkg:maven/org.apache.tomcat/tomcat@9.0.73

purl pkg:maven/org.apache.tomcat/tomcat@9.0.73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.73

url pkg:maven/org.apache.tomcat/tomcat@9.0.74

purl pkg:maven/org.apache.tomcat/tomcat@9.0.74

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5732-xnx7-tkfy

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.74

url pkg:maven/org.apache.tomcat/tomcat@9.0.75

purl pkg:maven/org.apache.tomcat/tomcat@9.0.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.75

url pkg:maven/org.apache.tomcat/tomcat@9.0.76

purl pkg:maven/org.apache.tomcat/tomcat@9.0.76

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.76

url pkg:maven/org.apache.tomcat/tomcat@9.0.78

purl pkg:maven/org.apache.tomcat/tomcat@9.0.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.78

url pkg:maven/org.apache.tomcat/tomcat@9.0.79

purl pkg:maven/org.apache.tomcat/tomcat@9.0.79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j6cj-ftyd-3ffa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.79

url pkg:maven/org.apache.tomcat/tomcat@9.0.80

purl pkg:maven/org.apache.tomcat/tomcat@9.0.80

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-rzj2-4kcj-43dq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.80

url pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.85

purl pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.85

url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.70

purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-j6cj-ftyd-3ffa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.70

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.85

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.85

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.87

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.87

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.87

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.88

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.88

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5732-xnx7-tkfy

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.88

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.89

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.89

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.89

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.90

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.90

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.90

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.91

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.91

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.91

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.92

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.92

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.92

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.70

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.70

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.71

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.71

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.73

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.73

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-xgr8-tpv5-q3b2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.73

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.74

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.74

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5732-xnx7-tkfy

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.74

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.75

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.75

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.75

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.76

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.76

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2zq1-na8s-mfdd

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.76

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.78

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.78

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.79

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.79

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-vsdf-4tfj-uybe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80

url pkg:rpm/redhat/tomcat@1:9.0.62-27.el8_9?arch=2

purl pkg:rpm/redhat/tomcat@1:9.0.62-27.el8_9?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-rzj2-4kcj-43dq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.62-27.el8_9%3Farch=2

url pkg:rpm/redhat/tomcat@1:9.0.62-37.el9_3?arch=1

purl pkg:rpm/redhat/tomcat@1:9.0.62-37.el9_3?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kcx-vptm-zbds

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-rzj2-4kcj-43dq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.62-37.el9_3%3Farch=1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-42794

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57877
published_at	2026-04-16T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57848
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57869
published_at	2026-04-12T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57891
published_at	2026-04-11T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57824
published_at	2026-04-02T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57873
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57818
published_at	2026-04-07T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57844
published_at	2026-04-04T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57874
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-42794

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7

reference_url	https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65

reference_url

https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82

reference_url

http://www.openwall.com/lists/oss-security/2023/10/10/8

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/10/10/8

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2243751
reference_id	2243751
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2243751

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794

reference_id

CVE-2023-42794

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-42794

reference_id

CVE-2023-42794

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-42794

reference_url

https://github.com/advisories/GHSA-jm7m-8jh6-29hp

reference_id

GHSA-jm7m-8jh6-29hp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jm7m-8jh6-29hp

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2024:0125
reference_id	RHSA-2024:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0125

reference_url	https://access.redhat.com/errata/RHSA-2024:0474
reference_id	RHSA-2024:0474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0474

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	459
name	Incomplete Cleanup
description	The product does not properly clean up and remove temporary or supporting resources after they have been used.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kcx-vptm-zbds

Vulnerability Instance