Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-kqng-d1f2-myg5
Summary
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
Aliases
0
alias CVE-2025-61795
1
alias GHSA-hgrr-935x-pq79
Fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.110
purl pkg:maven/org.apache.tomcat/tomcat@9.0.110
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.110
1
url pkg:maven/org.apache.tomcat/tomcat@10.1.47
purl pkg:maven/org.apache.tomcat/tomcat@10.1.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47
2
url pkg:maven/org.apache.tomcat/tomcat@11.0.12
purl pkg:maven/org.apache.tomcat/tomcat@11.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12
3
url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110
purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110
4
url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47
purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47
5
url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12
purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12
6
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110
7
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
8
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
Affected_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.0
purl pkg:maven/org.apache.tomcat/tomcat@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kgu-zupu-tydw
1
vulnerability VCID-3nsr-9s9y-ckft
2
vulnerability VCID-4nx6-t8vd-bqcu
3
vulnerability VCID-59dd-qzpt-aucm
4
vulnerability VCID-6umz-z8db-kqcy
5
vulnerability VCID-dast-z2hv-2yfe
6
vulnerability VCID-dbu6-fhrs-aubn
7
vulnerability VCID-dk58-p9py-rka9
8
vulnerability VCID-g3vd-74yh-s7bn
9
vulnerability VCID-gmjm-6ck2-skgu
10
vulnerability VCID-hqzu-shyu-j3hp
11
vulnerability VCID-jzta-navk-87bn
12
vulnerability VCID-kqng-d1f2-myg5
13
vulnerability VCID-nxb3-55eu-auhp
14
vulnerability VCID-q7g1-m4e7-pya4
15
vulnerability VCID-qth9-7326-hffp
16
vulnerability VCID-rk89-9dw5-w3gg
17
vulnerability VCID-rtmv-qetu-yqfa
18
vulnerability VCID-s37s-p75k-27e6
19
vulnerability VCID-se44-f85s-xyex
20
vulnerability VCID-tcmv-6ftg-fqen
21
vulnerability VCID-u95s-xhwk-vka6
22
vulnerability VCID-vu84-dfwa-z3dg
23
vulnerability VCID-wmb3-3j7y-due7
24
vulnerability VCID-xns8-63b5-guf2
25
vulnerability VCID-y9hs-ymcm-3ucx
26
vulnerability VCID-zba8-2zc4-9qfh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0
1
url pkg:maven/org.apache.tomcat/tomcat@8.5.100
purl pkg:maven/org.apache.tomcat/tomcat@8.5.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.100
2
url pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.1
purl pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kqng-d1f2-myg5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.1
3
url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1
purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1
4
url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1
purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-s93z-rmw7-5bcw
3
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1
5
url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.0
purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6umz-z8db-kqcy
1
vulnerability VCID-7fh9-36qs-jfg5
2
vulnerability VCID-jzta-navk-87bn
3
vulnerability VCID-kqng-d1f2-myg5
4
vulnerability VCID-rk89-9dw5-w3gg
5
vulnerability VCID-urhs-6aus-syb1
6
vulnerability VCID-xa95-zsnk-3kg9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.0
6
url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.100
purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.100
7
url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0-M.1
purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0-M.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kqng-d1f2-myg5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0-M.1
8
url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.0-M1
purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.0-M1
9
url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M1
purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M1
10
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nsr-9s9y-ckft
1
vulnerability VCID-4nx6-t8vd-bqcu
2
vulnerability VCID-axzz-cadr-b7fv
3
vulnerability VCID-dast-z2hv-2yfe
4
vulnerability VCID-dbu6-fhrs-aubn
5
vulnerability VCID-dk58-p9py-rka9
6
vulnerability VCID-gmjm-6ck2-skgu
7
vulnerability VCID-j66a-6et3-mfha
8
vulnerability VCID-kqng-d1f2-myg5
9
vulnerability VCID-paqj-ye46-8bdb
10
vulnerability VCID-qth9-7326-hffp
11
vulnerability VCID-rk89-9dw5-w3gg
12
vulnerability VCID-se44-f85s-xyex
13
vulnerability VCID-urhs-6aus-syb1
14
vulnerability VCID-xa95-zsnk-3kg9
15
vulnerability VCID-xns8-63b5-guf2
16
vulnerability VCID-y4a2-mamb-yqg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0
11
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.100
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-kqng-d1f2-myg5
2
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.100
12
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kqng-d1f2-myg5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M.1
13
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-j66a-6et3-mfha
2
vulnerability VCID-kqng-d1f2-myg5
3
vulnerability VCID-paqj-ye46-8bdb
4
vulnerability VCID-urhs-6aus-syb1
5
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1
14
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d8re-94xd-nycp
1
vulnerability VCID-j66a-6et3-mfha
2
vulnerability VCID-kqng-d1f2-myg5
3
vulnerability VCID-paqj-ye46-8bdb
4
vulnerability VCID-urhs-6aus-syb1
5
vulnerability VCID-wcnj-bna8-7fh7
6
vulnerability VCID-y4a2-mamb-yqg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1
References
0
reference_url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
reference_id
reference_type
scores
url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
1
reference_url https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06
2
reference_url https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0
3
reference_url https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
4
reference_url https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
reference_id
reference_type
scores
url https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
5
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47
reference_id
reference_type
scores
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47
6
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12
reference_id
reference_type
scores
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12
7
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110
reference_id
reference_type
scores
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61795
reference_id CVE-2025-61795
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-61795
9
reference_url https://github.com/advisories/GHSA-hgrr-935x-pq79
reference_id GHSA-hgrr-935x-pq79
reference_type
scores
url https://github.com/advisories/GHSA-hgrr-935x-pq79
Weaknesses
0
cwe_id 404
name Improper Resource Shutdown or Release
description The product does not release or incorrectly releases a resource before it is made available for re-use.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5