VulnerableCode Package Details - pkg:apache/tomcat@9.0.38

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@9.0.38

Essentials
History (1)

purl	pkg:apache/tomcat@9.0.38

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-wgsc-dnn1-ukeq	If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.	CVE-2020-13943 GHSA-f268-65qc-98vg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:08.370759+00:00	Apache Tomcat Importer	Fixing	VCID-wgsc-dnn1-ukeq	https://tomcat.apache.org/security-9.html	38.0.0