{"url":"http://public2.vulnerablecode.io/api/packages/210090?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie","type":"deb","namespace":"debian","name":"tomcat9","version":"9.0.43-2~deb11u11","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.0.43-2~deb11u12","latest_non_vulnerable_version":"9.0.118-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6702?format=json","vulnerability_id":"VCID-92cy-yp2t-s3f7","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21733","reference_id":"","reference_type":"","scores":[{"value":"0.70951","scoring_system":"epss","scoring_elements":"0.98729","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a"},{"reference_url":"https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311"},{"reference_url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T16:09:11Z/"}],"url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240216-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240216-0005"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/19/2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/01/19/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259204","reference_id":"2259204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733","reference_id":"CVE-2024-21733","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21733","reference_id":"CVE-2024-21733","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21733"},{"reference_url":"https://github.com/advisories/GHSA-f4qf-m5gf-8jm8","reference_id":"GHSA-f4qf-m5gf-8jm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4qf-m5gf-8jm8"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210058?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210090?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210077?format=json","purl":"pkg:deb/debian/tomcat9@9.0.53-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.53-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210056?format=json","purl":"pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210061?format=json","purl":"pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210059?format=json","purl":"pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210060?format=json","purl":"pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie"}],"aliases":["CVE-2024-21733","GHSA-f4qf-m5gf-8jm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92cy-yp2t-s3f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6669?format=json","vulnerability_id":"VCID-b9hb-uzqm-wbcp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56337","reference_id":"","reference_type":"","scores":[{"value":"0.1316","scoring_system":"epss","scoring_elements":"0.94243","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56337"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/"}],"url":"https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56337","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56337"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0002","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0002"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2024-50379","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2024-50379"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333521","reference_id":"2333521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337","reference_id":"CVE-2024-56337","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337"},{"reference_url":"https://github.com/advisories/GHSA-27hp-xhwr-wr2m","reference_id":"GHSA-27hp-xhwr-wr2m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-27hp-xhwr-wr2m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11332","reference_id":"RHSA-2025:11332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11333","reference_id":"RHSA-2025:11333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11334","reference_id":"RHSA-2025:11334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11335","reference_id":"RHSA-2025:11335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11381","reference_id":"RHSA-2025:11381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11382","reference_id":"RHSA-2025:11382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4521","reference_id":"RHSA-2025:4521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4522","reference_id":"RHSA-2025:4522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4522"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210058?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210090?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210056?format=json","purl":"pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210061?format=json","purl":"pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210059?format=json","purl":"pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210060?format=json","purl":"pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie"}],"aliases":["CVE-2024-56337","GHSA-27hp-xhwr-wr2m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9hb-uzqm-wbcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6676?format=json","vulnerability_id":"VCID-mvgq-kb92-dqf8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38286","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61765","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93"},{"reference_url":"https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543"},{"reference_url":"https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13"},{"reference_url":"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/"}],"url":"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38286","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38286"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241101-0010","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241101-0010"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/09/23/2","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/09/23/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314686","reference_id":"2314686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286","reference_id":"CVE-2024-38286","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"},{"reference_url":"https://github.com/advisories/GHSA-7jqf-v358-p8g7","reference_id":"GHSA-7jqf-v358-p8g7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7jqf-v358-p8g7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4976","reference_id":"RHSA-2024:4976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4977","reference_id":"RHSA-2024:4977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5024","reference_id":"RHSA-2024:5024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5025","reference_id":"RHSA-2024:5025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5693","reference_id":"RHSA-2024:5693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5694","reference_id":"RHSA-2024:5694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5695","reference_id":"RHSA-2024:5695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5696","reference_id":"RHSA-2024:5696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8494","reference_id":"RHSA-2024:8494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8497","reference_id":"RHSA-2024:8497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8528","reference_id":"RHSA-2024:8528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8543","reference_id":"RHSA-2024:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8567","reference_id":"RHSA-2024:8567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8572","reference_id":"RHSA-2024:8572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8572"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210058?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210090?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210056?format=json","purl":"pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210061?format=json","purl":"pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210059?format=json","purl":"pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210060?format=json","purl":"pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie"}],"aliases":["CVE-2024-38286","GHSA-7jqf-v358-p8g7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvgq-kb92-dqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6674?format=json","vulnerability_id":"VCID-nafh-ss66-efc1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52316","reference_id":"","reference_type":"","scores":[{"value":"0.02487","scoring_system":"epss","scoring_elements":"0.85559","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14"},{"reference_url":"https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223"},{"reference_url":"https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369"},{"reference_url":"https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/"}],"url":"https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52316","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52316"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250124-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250124-0003"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/11/18/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326972","reference_id":"2326972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316","reference_id":"CVE-2024-52316","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316"},{"reference_url":"https://github.com/advisories/GHSA-xcpr-7mr4-h4xq","reference_id":"GHSA-xcpr-7mr4-h4xq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xcpr-7mr4-h4xq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3608","reference_id":"RHSA-2025:3608","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3608"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3609","reference_id":"RHSA-2025:3609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7497","reference_id":"RHSA-2025:7497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210058?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210090?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210056?format=json","purl":"pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210061?format=json","purl":"pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210059?format=json","purl":"pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210060?format=json","purl":"pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie"}],"aliases":["CVE-2024-52316","GHSA-xcpr-7mr4-h4xq"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nafh-ss66-efc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6671?format=json","vulnerability_id":"VCID-wpew-vv5h-r7c5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50379","reference_id":"","reference_type":"","scores":[{"value":"0.84776","scoring_system":"epss","scoring_elements":"0.99355","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50379"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f"},{"reference_url":"https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00"},{"reference_url":"https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41"},{"reference_url":"https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842"},{"reference_url":"https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2"},{"reference_url":"https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c"},{"reference_url":"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-17T16:54:54Z/"}],"url":"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50379","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50379"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0003"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/17/4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/17/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/18/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332817","reference_id":"2332817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379","reference_id":"CVE-2024-50379","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379"},{"reference_url":"https://github.com/advisories/GHSA-5j33-cvvr-w245","reference_id":"GHSA-5j33-cvvr-w245","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5j33-cvvr-w245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0342","reference_id":"RHSA-2025:0342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0343","reference_id":"RHSA-2025:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0361","reference_id":"RHSA-2025:0361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0362","reference_id":"RHSA-2025:0362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1920","reference_id":"RHSA-2025:1920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3645","reference_id":"RHSA-2025:3645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3646","reference_id":"RHSA-2025:3646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3647","reference_id":"RHSA-2025:3647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3683","reference_id":"RHSA-2025:3683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3684","reference_id":"RHSA-2025:3684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3684"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210058?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210090?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210056?format=json","purl":"pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210061?format=json","purl":"pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210059?format=json","purl":"pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/210060?format=json","purl":"pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50379","GHSA-5j33-cvvr-w245"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpew-vv5h-r7c5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u11%3Fdistro=trixie"}