VulnerableCode Package Details - pkg:rpm/redhat/jws5-mod_cluster@1.4.3-2.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-n3ab-nk7c-hqc9 Aliases: CVE-2021-25329 GHSA-jgwr-3qm3-26f3	The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.	There are no reported fixed by versions.
VCID-t2ne-75ck-eqcr Aliases: CVE-2021-25122 GHSA-j39c-c8hj-x4j3	When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.	There are no reported fixed by versions.
VCID-vdv3-7dwp-suab Aliases: CVE-2020-25638 GHSA-j8jw-g6fq-mp7h	SQL injection in hibernate-core A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-n3ab-nk7c-hqc9
Aliases:
CVE-2021-25329
GHSA-jgwr-3qm3-26f3

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

There are no reported fixed by versions.

VCID-t2ne-75ck-eqcr
Aliases:
CVE-2021-25122
GHSA-j39c-c8hj-x4j3

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

There are no reported fixed by versions.

VCID-vdv3-7dwp-suab
Aliases:
CVE-2020-25638
GHSA-j8jw-g6fq-mp7h

SQL injection in hibernate-core A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:04:21.228865+00:00	RedHat Importer	Affected by	VCID-vdv3-7dwp-suab	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25638.json	38.0.0
2026-04-01T14:03:04.684281+00:00	RedHat Importer	Affected by	VCID-n3ab-nk7c-hqc9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25329.json	38.0.0
2026-04-01T14:03:04.491699+00:00	RedHat Importer	Affected by	VCID-t2ne-75ck-eqcr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25122.json	38.0.0