{"url":"http://public2.vulnerablecode.io/api/packages/380943?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86","type":"maven","namespace":"org.apache.tomcat","name":"tomcat-catalina","version":"8.5.86","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.0.M14","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28594?format=json","vulnerability_id":"VCID-2n2k-sh22-fkfw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c"},{"reference_url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c"},{"reference_url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/12"},{"reference_url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_id":"2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:57:41Z/"}],"url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284","reference_id":"CVE-2026-41284","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284"},{"reference_url":"https://github.com/advisories/GHSA-gx5v-xp9w-j4cg","reference_id":"GHSA-gx5v-xp9w-j4cg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx5v-xp9w-j4cg"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-41284","GHSA-gx5v-xp9w-j4cg"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2k-sh22-fkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21452?format=json","vulnerability_id":"VCID-5wbm-3x72-17b6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52316","reference_id":"","reference_type":"","scores":[{"value":"0.01982","scoring_system":"epss","scoring_elements":"0.83952","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14"},{"reference_url":"https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223"},{"reference_url":"https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52316","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52316"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250124-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250124-0003"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/11/18/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326972","reference_id":"2326972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316","reference_id":"CVE-2024-52316","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316"},{"reference_url":"https://github.com/advisories/GHSA-xcpr-7mr4-h4xq","reference_id":"GHSA-xcpr-7mr4-h4xq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xcpr-7mr4-h4xq"},{"reference_url":"https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928","reference_id":"lopzlqh91jj9n334g02om08sbysdb928","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/"}],"url":"https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3608","reference_id":"RHSA-2025:3608","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3608"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3609","reference_id":"RHSA-2025:3609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7497","reference_id":"RHSA-2025:7497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372894?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96"},{"url":"http://public2.vulnerablecode.io/api/packages/372895?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30"},{"url":"http://public2.vulnerablecode.io/api/packages/372896?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1"}],"aliases":["CVE-2024-52316","GHSA-xcpr-7mr4-h4xq"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wbm-3x72-17b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25635?format=json","vulnerability_id":"VCID-63vc-sc11-8kf1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55754","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33185","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55754"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2"},{"reference_url":"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"},{"reference_url":"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406590","reference_id":"2406590","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754","reference_id":"CVE-2025-55754","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55754","reference_id":"CVE-2025-55754","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55754"},{"reference_url":"https://github.com/advisories/GHSA-vfww-5hm6-hx2j","reference_id":"GHSA-vfww-5hm6-hx2j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfww-5hm6-hx2j"},{"reference_url":"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd","reference_id":"j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:55Z/"}],"url":"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18536","reference_id":"RHSA-2026:18536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18537","reference_id":"RHSA-2026:18537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18916","reference_id":"RHSA-2026:18916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2740","reference_id":"RHSA-2026:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2741","reference_id":"RHSA-2026:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21516?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5hp9-mbcu-2bdt"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m7b3-kxzn-t7hj"},{"vulnerability":"VCID-rxdf-fjd8-6yhk"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1"},{"url":"http://public2.vulnerablecode.io/api/packages/34779?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/34785?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45"},{"url":"http://public2.vulnerablecode.io/api/packages/34761?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11"}],"aliases":["CVE-2025-55754","GHSA-vfww-5hm6-hx2j"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63vc-sc11-8kf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28596?format=json","vulnerability_id":"VCID-697g-gcg9-zyaa","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148"},{"reference_url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd"},{"reference_url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b"},{"reference_url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df"},{"reference_url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa"},{"reference_url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab"},{"reference_url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3"},{"reference_url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac"},{"reference_url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7"},{"reference_url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513","reference_id":"2476513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293","reference_id":"CVE-2026-41293","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293"},{"reference_url":"https://github.com/advisories/GHSA-r29c-68gh-xp6x","reference_id":"GHSA-r29c-68gh-xp6x","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r29c-68gh-xp6x"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-41293","GHSA-r29c-68gh-xp6x"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-697g-gcg9-zyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25633?format=json","vulnerability_id":"VCID-6wqu-jupw-tyhu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51126","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06"},{"reference_url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df"},{"reference_url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591","reference_id":"2406591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5","reference_id":"GHSA-wmwf-9ccg-fff5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5"},{"reference_url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_id":"n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/"}],"url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22924","reference_id":"RHSA-2025:22924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22925","reference_id":"RHSA-2025:22925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23044","reference_id":"RHSA-2025:23044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23045","reference_id":"RHSA-2025:23045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23046","reference_id":"RHSA-2025:23046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23047","reference_id":"RHSA-2025:23047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23048","reference_id":"RHSA-2025:23048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23049","reference_id":"RHSA-2025:23049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23052","reference_id":"RHSA-2025:23052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23053","reference_id":"RHSA-2025:23053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23225","reference_id":"RHSA-2025:23225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0292","reference_id":"RHSA-2026:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0293","reference_id":"RHSA-2026:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2724","reference_id":"RHSA-2026:2724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2725","reference_id":"RHSA-2026:2725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2726","reference_id":"RHSA-2026:2726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34779?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/34785?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.45"},{"url":"http://public2.vulnerablecode.io/api/packages/34761?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.11"}],"aliases":["CVE-2025-55752","GHSA-wmwf-9ccg-fff5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wqu-jupw-tyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27439?format=json","vulnerability_id":"VCID-7wr9-uez1-8bdg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10241","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695"},{"reference_url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2"},{"reference_url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/21"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039","reference_id":"2457039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854","reference_id":"CVE-2026-25854","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854"},{"reference_url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_id":"ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/"}],"url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0"},{"reference_url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87","reference_id":"GHSA-9m3c-qcxr-9x87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373466?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/373899?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/373900?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20"}],"aliases":["CVE-2026-25854","GHSA-9m3c-qcxr-9x87"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wr9-uez1-8bdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29213?format=json","vulnerability_id":"VCID-97et-ubnp-wqcy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33696","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448"},{"reference_url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9"},{"reference_url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511","reference_id":"2476511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511"},{"reference_url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73","reference_id":"7x09x7o12solvclslw3sz0288xc8wx73","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:38:42Z/"}],"url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512","reference_id":"CVE-2026-43512","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512"},{"reference_url":"https://github.com/advisories/GHSA-h6fc-48rj-7qqh","reference_id":"GHSA-h6fc-48rj-7qqh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6fc-48rj-7qqh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13745","reference_id":"RHSA-2026:13745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16528","reference_id":"RHSA-2026:16528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-43512","GHSA-h6fc-48rj-7qqh"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97et-ubnp-wqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28669?format=json","vulnerability_id":"VCID-9xyf-k9wq-g7b9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423"},{"reference_url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5"},{"reference_url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/14","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/14"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498","reference_id":"CVE-2026-42498","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498"},{"reference_url":"https://github.com/advisories/GHSA-fv25-8xcx-gqjc","reference_id":"GHSA-fv25-8xcx-gqjc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fv25-8xcx-gqjc"},{"reference_url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb","reference_id":"n61zwf75jrv09rz90j4jssncm244bwdb","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:58:45Z/"}],"url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-42498","GHSA-fv25-8xcx-gqjc"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyf-k9wq-g7b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29216?format=json","vulnerability_id":"VCID-dj7q-4map-ebg4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26417","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419"},{"reference_url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36"},{"reference_url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9"},{"reference_url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/11","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/11"},{"reference_url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_id":"746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:33:57Z/"}],"url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515","reference_id":"CVE-2026-43515","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515"},{"reference_url":"https://github.com/advisories/GHSA-5m62-pw8w-7w9f","reference_id":"GHSA-5m62-pw8w-7w9f","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m62-pw8w-7w9f"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-43515","GHSA-5m62-pw8w-7w9f"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7q-4map-ebg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29214?format=json","vulnerability_id":"VCID-hv33-kv9q-gugf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2"},{"reference_url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717"},{"reference_url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/9"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513","reference_id":"CVE-2026-43513","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513"},{"reference_url":"https://github.com/advisories/GHSA-5mp6-jrq3-r938","reference_id":"GHSA-5mp6-jrq3-r938","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mp6-jrq3-r938"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"},{"reference_url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp","reference_id":"ytjcgldshj73lcnd1sh95od5hrghwogp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:34:43Z/"}],"url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-43513","GHSA-5mp6-jrq3-r938"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv33-kv9q-gugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25782?format=json","vulnerability_id":"VCID-keh1-ycs9-ybdd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"},{"reference_url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0"},{"reference_url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293","reference_id":"1119293","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294","reference_id":"1119294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588","reference_id":"2406588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795"},{"reference_url":"https://github.com/advisories/GHSA-hgrr-935x-pq79","reference_id":"GHSA-hgrr-935x-pq79","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgrr-935x-pq79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"},{"reference_url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_id":"wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/"}],"url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34781?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110"},{"url":"http://public2.vulnerablecode.io/api/packages/34769?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/34795?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12"}],"aliases":["CVE-2025-61795","GHSA-hgrr-935x-pq79"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-keh1-ycs9-ybdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21714?format=json","vulnerability_id":"VCID-ngy5-k9cv-rkbn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54677","reference_id":"","reference_type":"","scores":[{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79562","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54677"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd"},{"reference_url":"https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d"},{"reference_url":"https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4"},{"reference_url":"https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a"},{"reference_url":"https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746"},{"reference_url":"https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd"},{"reference_url":"https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c"},{"reference_url":"https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1"},{"reference_url":"https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc"},{"reference_url":"https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654"},{"reference_url":"https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e"},{"reference_url":"https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533"},{"reference_url":"https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a"},{"reference_url":"https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1"},{"reference_url":"https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408"},{"reference_url":"https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66"},{"reference_url":"https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a"},{"reference_url":"https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044"},{"reference_url":"https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213"},{"reference_url":"https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb"},{"reference_url":"https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444"},{"reference_url":"https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585"},{"reference_url":"https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54677","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54677"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250131-0006","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250131-0006"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/17/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/17/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/17/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/17/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/18/1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/18/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332815","reference_id":"2332815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677","reference_id":"CVE-2024-54677","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677"},{"reference_url":"https://github.com/advisories/GHSA-653p-vg55-5652","reference_id":"GHSA-653p-vg55-5652","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-653p-vg55-5652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7497","reference_id":"RHSA-2025:7497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7497"},{"reference_url":"https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n","reference_id":"tdtbbxpg5trdwc2wnopcth9ccvdftq2n","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/"}],"url":"https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21516?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5hp9-mbcu-2bdt"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m7b3-kxzn-t7hj"},{"vulnerability":"VCID-rxdf-fjd8-6yhk"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1"}],"aliases":["CVE-2024-54677","GHSA-653p-vg55-5652"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngy5-k9cv-rkbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29215?format=json","vulnerability_id":"VCID-s2kf-jwgc-pfas","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755"},{"reference_url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa"},{"reference_url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e"},{"reference_url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508"},{"reference_url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/10","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512","reference_id":"2476512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512"},{"reference_url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m","reference_id":"2k654v5cq123npfsd1b2kk1y30owqb1m","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:22:38Z/"}],"url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514","reference_id":"CVE-2026-43514","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514"},{"reference_url":"https://github.com/advisories/GHSA-9m89-8frq-c98c","reference_id":"GHSA-9m89-8frq-c98c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m89-8frq-c98c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375375?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/375376?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/375377?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.22"}],"aliases":["CVE-2026-43514","GHSA-9m89-8frq-c98c"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2kf-jwgc-pfas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27398?format=json","vulnerability_id":"VCID-t8tc-zb3w-57gv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38954","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373466?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/1002244?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-8sda-scr3-qfex"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-r6yr-45cm-8ucv"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.52"},{"url":"http://public2.vulnerablecode.io/api/packages/373900?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.20"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8tc-zb3w-57gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15813?format=json","vulnerability_id":"VCID-uyc3-3cnp-wqf3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41080","reference_id":"","reference_type":"","scores":[{"value":"0.11586","scoring_system":"epss","scoring_elements":"0.93808","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41080"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b"},{"reference_url":"https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b"},{"reference_url":"https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27"},{"reference_url":"https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41080","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41080"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230921-0006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230921-0006"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235370","reference_id":"2235370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235370"},{"reference_url":"https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f","reference_id":"71wvwprtx2j2m54fovq9zr7gbm2wow2f","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/"}],"url":"https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080","reference_id":"CVE-2023-41080","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080"},{"reference_url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc","reference_id":"GHSA-q3mw-pvr8-9ggc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5946","reference_id":"RHSA-2023:5946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7622","reference_id":"RHSA-2023:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7623","reference_id":"RHSA-2023:7623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7678","reference_id":"RHSA-2023:7678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0125","reference_id":"RHSA-2024:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0474","reference_id":"RHSA-2024:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1324","reference_id":"RHSA-2024:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1325","reference_id":"RHSA-2024:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4631","reference_id":"RHSA-2024:4631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4631"},{"reference_url":"https://usn.ubuntu.com/7106-1/","reference_id":"USN-7106-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7106-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380767?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93"},{"url":"http://public2.vulnerablecode.io/api/packages/380766?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80"},{"url":"http://public2.vulnerablecode.io/api/packages/380765?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13"}],"aliases":["CVE-2023-41080","GHSA-q3mw-pvr8-9ggc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyc3-3cnp-wqf3"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15343?format=json","vulnerability_id":"VCID-xgqg-vgr9-e3gm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28708","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28896","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28708"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=66471","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab"},{"reference_url":"https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510"},{"reference_url":"https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f"},{"reference_url":"https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28708","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28708"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230331-0012","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230331-0012"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2180856","reference_id":"2180856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2180856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708","reference_id":"CVE-2023-28708","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708"},{"reference_url":"https://github.com/advisories/GHSA-2c9m-w27f-53rm","reference_id":"GHSA-2c9m-w27f-53rm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c9m-w27f-53rm"},{"reference_url":"https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67","reference_id":"hdksc59z3s7tm39x0pp33mtwdrt8qr67","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:33:37Z/"}],"url":"https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4909","reference_id":"RHSA-2023:4909","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4910","reference_id":"RHSA-2023:4910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6570","reference_id":"RHSA-2023:6570","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7065","reference_id":"RHSA-2023:7065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7065"},{"reference_url":"https://usn.ubuntu.com/7106-1/","reference_id":"USN-7106-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7106-1/"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380943?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86"},{"url":"http://public2.vulnerablecode.io/api/packages/380942?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.72","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.72"},{"url":"http://public2.vulnerablecode.io/api/packages/380941?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/380940?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5wbm-3x72-17b6"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M3"}],"aliases":["CVE-2023-28708","GHSA-2c9m-w27f-53rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgqg-vgr9-e3gm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86"}