Package details: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.23
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.23
Next non-vulnerable version 10.1.43
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-nmq2-8ysj-4fbc
Aliases:
CVE-2022-42252
GHSA-p22x-g9px-3945
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header, making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
Fixed by 10.0.27 (affected by 1 other vulnerability)
Fixed by 10.1.1 (affected by 5 other vulnerabilities)
VCID-wptr-hkjx-s7c3
Aliases:
CVE-2021-42340
GHSA-wph7-x527-w3h5
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Fixed by 10.1.1 (affected by 5 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-p8q2-pt96-5ye8
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
Aliases:
CVE-2022-34305
GHSA-6j88-6whg-x687

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-11T23:31:39.696950+00:00 GitLab Importer Affected by VCID-nmq2-8ysj-4fbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2022-42252.yml 38.3.0
2026-04-11T23:20:10.714321+00:00 GitLab Importer Fixing VCID-p8q2-pt96-5ye8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2022-34305.yml 38.3.0
2026-04-11T22:45:42.192754+00:00 GitLab Importer Affected by VCID-wptr-hkjx-s7c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2021-42340.yml 38.3.0
2026-04-02T23:37:03.070056+00:00 GitLab Importer Affected by VCID-nmq2-8ysj-4fbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2022-42252.yml 38.1.0
2026-04-02T23:27:24.021429+00:00 GitLab Importer Fixing VCID-p8q2-pt96-5ye8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2022-34305.yml 38.1.0
2026-04-02T22:55:35.319957+00:00 GitLab Importer Affected by VCID-wptr-hkjx-s7c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2021-42340.yml 38.1.0
2026-04-01T17:59:14.009923+00:00 GitLab Importer Affected by VCID-nmq2-8ysj-4fbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2022-42252.yml 38.0.0
2026-04-01T17:48:20.238088+00:00 GitLab Importer Fixing VCID-p8q2-pt96-5ye8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2022-34305.yml 38.0.0
2026-04-01T17:13:54.291050+00:00 GitLab Importer Affected by VCID-wptr-hkjx-s7c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2021-42340.yml 38.0.0