VulnerableCode Package Details - pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-fpgj-82wf-ykbw Aliases: CVE-2025-53506 GHSA-25xr-qj8w-c4vf	Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.	10.1.43 Affected by 0 other vulnerabilities. 11.0.9 Affected by 0 other vulnerabilities.
VCID-j6cj-ftyd-3ffa Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.	10.1.13 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vsdf-4tfj-uybe Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2	Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.	10.1.19 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M17 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-fpgj-82wf-ykbw
Aliases:
CVE-2025-53506
GHSA-25xr-qj8w-c4vf

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

10.1.43
Affected by 0 other vulnerabilities.

11.0.9
Affected by 0 other vulnerabilities.

VCID-j6cj-ftyd-3ffa
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.

10.1.13
Affected by 2 other vulnerabilities.

11.0.0-M11
Affected by 3 other vulnerabilities.

VCID-vsdf-4tfj-uybe
Aliases:
CVE-2024-24549
GHSA-7w75-32cg-r6g2

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

10.1.19
Affected by 1 other vulnerability.

11.0.0-M17
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:33:01.250172+00:00	GitLab Importer	Affected by	VCID-fpgj-82wf-ykbw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-53506.yml	38.4.0
2026-04-16T22:53:55.207886+00:00	GitLab Importer	Affected by	VCID-vsdf-4tfj-uybe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-24549.yml	38.4.0
2026-04-16T22:36:55.438571+00:00	GitLab Importer	Affected by	VCID-j6cj-ftyd-3ffa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-41080.yml	38.4.0
2026-04-12T00:52:59.736883+00:00	GitLab Importer	Affected by	VCID-fpgj-82wf-ykbw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-53506.yml	38.3.0
2026-04-12T00:12:19.283599+00:00	GitLab Importer	Affected by	VCID-vsdf-4tfj-uybe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-24549.yml	38.3.0
2026-04-11T23:56:13.348124+00:00	GitLab Importer	Affected by	VCID-j6cj-ftyd-3ffa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-41080.yml	38.3.0
2026-04-03T01:01:09.089723+00:00	GitLab Importer	Affected by	VCID-fpgj-82wf-ykbw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-53506.yml	38.1.0
2026-04-03T00:18:40.629987+00:00	GitLab Importer	Affected by	VCID-vsdf-4tfj-uybe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-24549.yml	38.1.0
2026-04-02T23:59:18.006523+00:00	GitLab Importer	Affected by	VCID-j6cj-ftyd-3ffa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-41080.yml	38.1.0