VulnerableCode Package Details - pkg:apache/tomcat@8.5.81

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@8.5.81

Essentials
History (1)

purl	pkg:apache/tomcat@8.5.81

Next non-vulnerable version	8.5.86
Latest non-vulnerable version	11.0.21
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-p8q2-pt96-5ye8 Aliases: CVE-2022-34305 GHSA-6j88-6whg-x687	In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.	8.5.82 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.65 Affected by 0 other vulnerabilities. 10.0.23 Affected by 0 other vulnerabilities. 10.1.0-M17 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-p8q2-pt96-5ye8
Aliases:
CVE-2022-34305
GHSA-6j88-6whg-x687

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

8.5.82
Affected by 1 other vulnerability.

9.0.65
Affected by 0 other vulnerabilities.

10.0.23
Affected by 0 other vulnerabilities.

10.1.0-M17
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:10.355743+00:00	Apache Tomcat Importer	Affected by	VCID-p8q2-pt96-5ye8	https://tomcat.apache.org/security-8.html	38.0.0