Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5
purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5
Tags Ghost
Next non-vulnerable version 9.0.96
Latest non-vulnerable version 11.0.21
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-enaj-f97c-jbh7
Aliases:
CVE-2017-7674
GHSA-73rx-3f9r-x949
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
8.5.16
Affected by 7 other vulnerabilities.
9.0.0.M22
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:47:18.095930+00:00 GitLab Importer Affected by VCID-enaj-f97c-jbh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2017-7674.yml 38.0.0