Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.102
purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.102
Next non-vulnerable version 9.0.104
Latest non-vulnerable version 11.0.20
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-2zq1-na8s-mfdd
Aliases:
CVE-2025-31650
GHSA-3p2h-wqq4-wf4h
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
9.0.104
Affected by 0 other vulnerabilities.
10.1.40
Affected by 0 other vulnerabilities.
11.0.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-07T04:57:41.868550+00:00 GHSA Importer Affected by VCID-2zq1-na8s-mfdd https://github.com/advisories/GHSA-3p2h-wqq4-wf4h 38.1.0