| purl | pkg:apache/tomcat@8.5.84 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-56jv-htmt-rkew (Aliases: CVE-2023-24998, GHSA-hfrx-6qgj-fp6c) | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-stds-vw5z-auhp | The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. | CVE-2022-45143, GHSA-rq2w-37h9-vg94 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:10.296825+00:00 | Apache Tomcat Importer | Fixing | VCID-stds-vw5z-auhp | https://tomcat.apache.org/security-8.html | 38.0.0 |
| 2026-04-01T12:38:10.266073+00:00 | Apache Tomcat Importer | Affected by | VCID-56jv-htmt-rkew | https://tomcat.apache.org/security-8.html | 38.0.0 |