VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.40

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2zq1-na8s-mfdd	Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.	CVE-2025-31650 GHSA-3p2h-wqq4-wf4h

Vulnerability

Summary

Aliases

VCID-2zq1-na8s-mfdd

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

CVE-2025-31650
GHSA-3p2h-wqq4-wf4h

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:27:47.396135+00:00	GitLab Importer	Fixing	VCID-2zq1-na8s-mfdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	38.4.0
2026-04-12T00:47:20.344834+00:00	GitLab Importer	Fixing	VCID-2zq1-na8s-mfdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	38.3.0
2026-04-07T04:57:42.340785+00:00	GHSA Importer	Fixing	VCID-2zq1-na8s-mfdd	https://github.com/advisories/GHSA-3p2h-wqq4-wf4h	38.1.0
2026-04-03T00:55:18.542931+00:00	GitLab Importer	Fixing	VCID-2zq1-na8s-mfdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	38.1.0
2026-04-02T12:41:20.421143+00:00	GitLab Importer	Fixing	VCID-2zq1-na8s-mfdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	38.0.0
2026-04-01T12:54:47.360875+00:00	GithubOSV Importer	Fixing	VCID-2zq1-na8s-mfdd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-3p2h-wqq4-wf4h/GHSA-3p2h-wqq4-wf4h.json	38.0.0