VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.14

Search for packages

Vulnerability	Summary	Fixed by
VCID-b3bb-9ajg-sfc9 Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	10.1.16 Affected by 0 other vulnerabilities. 11.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-b3bb-9ajg-sfc9
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

10.1.16
Affected by 0 other vulnerabilities.

11.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5781-s1ny-q7ey		CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013
VCID-n9yk-e49f-n7e7	Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.	CVE-2023-42795 GHSA-g8pj-r55q-5c2v

Vulnerability

Summary

Aliases

VCID-5781-s1ny-q7ey

CVE-2023-44487
GHSA-2m7v-gc89-fjqf
GHSA-qppj-fm5r-hxr3
GHSA-vx74-f528-fxqg
GHSA-xpw8-rcwv-8f8p
GMS-2023-3377
VSV00013

VCID-n9yk-e49f-n7e7

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

CVE-2023-42795
GHSA-g8pj-r55q-5c2v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:44:14.787329+00:00	GitLab Importer	Affected by	VCID-b3bb-9ajg-sfc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml	38.4.0
2026-04-12T00:03:51.975829+00:00	GitLab Importer	Affected by	VCID-b3bb-9ajg-sfc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml	38.3.0
2026-04-03T00:08:32.496250+00:00	GitLab Importer	Affected by	VCID-b3bb-9ajg-sfc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml	38.1.0
2026-04-02T17:00:25.680461+00:00	GHSA Importer	Fixing	VCID-5781-s1ny-q7ey	https://github.com/advisories/GHSA-qppj-fm5r-hxr3	38.1.0
2026-04-02T17:00:23.520664+00:00	GHSA Importer	Fixing	VCID-n9yk-e49f-n7e7	https://github.com/advisories/GHSA-g8pj-r55q-5c2v	38.1.0
2026-04-01T12:57:11.518490+00:00	GithubOSV Importer	Fixing	VCID-5781-s1ny-q7ey	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-qppj-fm5r-hxr3/GHSA-qppj-fm5r-hxr3.json	38.0.0
2026-04-01T12:57:07.187526+00:00	GithubOSV Importer	Fixing	VCID-n9yk-e49f-n7e7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-g8pj-r55q-5c2v/GHSA-g8pj-r55q-5c2v.json	38.0.0