Search for packages
| purl | pkg:maven/tomcat/jasper-runtime@3.3.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3cr9-g81m-4ugy
Aliases: CVE-2016-5018 GHSA-4v3g-g84w-hv7r |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T20:37:45.978159+00:00 | GitLab Importer | Affected by | VCID-3cr9-g81m-4ugy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/tomcat/jasper-runtime/CVE-2016-5018.yml | 38.4.0 |
| 2026-04-11T21:48:24.142732+00:00 | GitLab Importer | Affected by | VCID-3cr9-g81m-4ugy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/tomcat/jasper-runtime/CVE-2016-5018.yml | 38.3.0 |
| 2026-04-02T22:02:19.283688+00:00 | GitLab Importer | Affected by | VCID-3cr9-g81m-4ugy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/tomcat/jasper-runtime/CVE-2016-5018.yml | 38.1.0 |
| 2026-04-01T16:19:27.473647+00:00 | GitLab Importer | Affected by | VCID-3cr9-g81m-4ugy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/tomcat/jasper-runtime/CVE-2016-5018.yml | 38.0.0 |