VulnerableCode Package Details - pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.9

purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.9
Tags	Ghost

Next non-vulnerable version	9.0.107
Latest non-vulnerable version	11.0.21
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-m2zn-ja8d-7kg8 Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835	The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.	9.0.10 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T21:59:55.489978+00:00	GitLab Importer	Fixing	VCID-n3zn-tuck-gkfe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2018-8014.yml	38.3.0
2026-04-02T22:13:04.383357+00:00	GitLab Importer	Fixing	VCID-n3zn-tuck-gkfe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2018-8014.yml	38.1.0
2026-04-01T15:56:57.224800+00:00	GHSA Importer	Affected by	VCID-m2zn-ja8d-7kg8	https://github.com/advisories/GHSA-46j3-r4pj-4835	38.0.0
2026-04-01T15:56:56.485838+00:00	GHSA Importer	Fixing	VCID-n3zn-tuck-gkfe	https://github.com/advisories/GHSA-r4x2-3cq5-hqvp	38.0.0
2026-04-01T13:03:31.646924+00:00	GithubOSV Importer	Fixing	VCID-n3zn-tuck-gkfe	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-r4x2-3cq5-hqvp/GHSA-r4x2-3cq5-hqvp.json	38.0.0
2026-04-01T12:48:04.026828+00:00	GitLab Importer	Fixing	VCID-n3zn-tuck-gkfe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2018-8014.yml	38.0.0