{"url":"http://public2.vulnerablecode.io/api/packages/451958?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.96","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"7.0.96","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.0.4","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28594?format=json","vulnerability_id":"VCID-2n2k-sh22-fkfw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c"},{"reference_url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c"},{"reference_url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/12"},{"reference_url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_id":"2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:57:41Z/"}],"url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284","reference_id":"CVE-2026-41284","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284"},{"reference_url":"https://github.com/advisories/GHSA-gx5v-xp9w-j4cg","reference_id":"GHSA-gx5v-xp9w-j4cg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gx5v-xp9w-j4cg"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-41284","GHSA-gx5v-xp9w-j4cg"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2k-sh22-fkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6603?format=json","vulnerability_id":"VCID-5nu4-5ude-4yhc","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17563","reference_id":"","reference_type":"","scores":[{"value":"0.04359","scoring_system":"epss","scoring_elements":"0.8919","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17563"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652"},{"reference_url":"https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c"},{"reference_url":"https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200107-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"reference_url":"https://usn.ubuntu.com/4251-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4251-1"},{"reference_url":"https://usn.ubuntu.com/4251-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4251-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785711","reference_id":"1785711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563","reference_id":"CVE-2019-17563","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17563","reference_id":"CVE-2019-17563","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17563"},{"reference_url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c","reference_id":"GHSA-9xcj-c8cr-8c3c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4004","reference_id":"RHSA-2020:4004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0882","reference_id":"RHSA-2021:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1030","reference_id":"RHSA-2021:1030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/896?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.99","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.99"},{"url":"http://public2.vulnerablecode.io/api/packages/689?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.50"},{"url":"http://public2.vulnerablecode.io/api/packages/544?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.30"}],"aliases":["CVE-2019-17563","GHSA-9xcj-c8cr-8c3c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nu4-5ude-4yhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28596?format=json","vulnerability_id":"VCID-697g-gcg9-zyaa","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148"},{"reference_url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd"},{"reference_url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b"},{"reference_url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df"},{"reference_url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa"},{"reference_url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab"},{"reference_url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3"},{"reference_url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac"},{"reference_url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7"},{"reference_url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513","reference_id":"2476513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293","reference_id":"CVE-2026-41293","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293"},{"reference_url":"https://github.com/advisories/GHSA-r29c-68gh-xp6x","reference_id":"GHSA-r29c-68gh-xp6x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r29c-68gh-xp6x"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-41293","GHSA-r29c-68gh-xp6x"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-697g-gcg9-zyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63534?format=json","vulnerability_id":"VCID-824z-m36f-87ea","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1935","reference_id":"","reference_type":"","scores":[{"value":"0.01382","scoring_system":"epss","scoring_elements":"0.80716","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1935"},{"reference_url":"https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d"},{"reference_url":"https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26"},{"reference_url":"https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56"},{"reference_url":"https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0005","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200327-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200327-0005/"},{"reference_url":"https://usn.ubuntu.com/4448-1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4448-1"},{"reference_url":"https://usn.ubuntu.com/4448-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4448-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806835","reference_id":"1806835","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935","reference_id":"CVE-2020-1935","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1935","reference_id":"CVE-2020-1935","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1935"},{"reference_url":"https://github.com/advisories/GHSA-qxf4-chvg-4r8r","reference_id":"GHSA-qxf4-chvg-4r8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxf4-chvg-4r8r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3303","reference_id":"RHSA-2020:3303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3305","reference_id":"RHSA-2020:3305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4847","reference_id":"RHSA-2020:4847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5020","reference_id":"RHSA-2020:5020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0882","reference_id":"RHSA-2021:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1030","reference_id":"RHSA-2021:1030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/897?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.100"},{"url":"http://public2.vulnerablecode.io/api/packages/740?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.51"},{"url":"http://public2.vulnerablecode.io/api/packages/590?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.31"}],"aliases":["CVE-2020-1935","GHSA-qxf4-chvg-4r8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-824z-m36f-87ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29213?format=json","vulnerability_id":"VCID-97et-ubnp-wqcy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33696","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448"},{"reference_url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9"},{"reference_url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511","reference_id":"2476511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511"},{"reference_url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73","reference_id":"7x09x7o12solvclslw3sz0288xc8wx73","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:38:42Z/"}],"url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512","reference_id":"CVE-2026-43512","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512"},{"reference_url":"https://github.com/advisories/GHSA-h6fc-48rj-7qqh","reference_id":"GHSA-h6fc-48rj-7qqh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h6fc-48rj-7qqh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13745","reference_id":"RHSA-2026:13745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16528","reference_id":"RHSA-2026:16528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43512","GHSA-h6fc-48rj-7qqh"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97et-ubnp-wqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28669?format=json","vulnerability_id":"VCID-9xyf-k9wq-g7b9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423"},{"reference_url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5"},{"reference_url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/14","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/14"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498","reference_id":"CVE-2026-42498","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498"},{"reference_url":"https://github.com/advisories/GHSA-fv25-8xcx-gqjc","reference_id":"GHSA-fv25-8xcx-gqjc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fv25-8xcx-gqjc"},{"reference_url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb","reference_id":"n61zwf75jrv09rz90j4jssncm244bwdb","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:58:45Z/"}],"url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-42498","GHSA-fv25-8xcx-gqjc"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyf-k9wq-g7b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29216?format=json","vulnerability_id":"VCID-dj7q-4map-ebg4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26417","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419"},{"reference_url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36"},{"reference_url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9"},{"reference_url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/11","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/11"},{"reference_url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_id":"746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:33:57Z/"}],"url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515","reference_id":"CVE-2026-43515","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515"},{"reference_url":"https://github.com/advisories/GHSA-5m62-pw8w-7w9f","reference_id":"GHSA-5m62-pw8w-7w9f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5m62-pw8w-7w9f"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43515","GHSA-5m62-pw8w-7w9f"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7q-4map-ebg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29214?format=json","vulnerability_id":"VCID-hv33-kv9q-gugf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2"},{"reference_url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717"},{"reference_url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/9"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513","reference_id":"CVE-2026-43513","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513"},{"reference_url":"https://github.com/advisories/GHSA-5mp6-jrq3-r938","reference_id":"GHSA-5mp6-jrq3-r938","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5mp6-jrq3-r938"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"},{"reference_url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp","reference_id":"ytjcgldshj73lcnd1sh95od5hrghwogp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:34:43Z/"}],"url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43513","GHSA-5mp6-jrq3-r938"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv33-kv9q-gugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7721?format=json","vulnerability_id":"VCID-p65m-6crd-bufr","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13935","reference_id":"","reference_type":"","scores":[{"value":"0.92155","scoring_system":"epss","scoring_elements":"0.99726","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13935"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5"},{"reference_url":"https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3"},{"reference_url":"https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d"},{"reference_url":"https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784"},{"reference_url":"https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84"},{"reference_url":"https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200724-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200724-0003/"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://usn.ubuntu.com/4448-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4448-1"},{"reference_url":"https://usn.ubuntu.com/4448-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4448-1/"},{"reference_url":"https://usn.ubuntu.com/4596-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4596-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857024","reference_id":"1857024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857024"},{"reference_url":"https://security.archlinux.org/AVG-1205","reference_id":"AVG-1205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935","reference_id":"CVE-2020-13935","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13935","reference_id":"CVE-2020-13935","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13935"},{"reference_url":"https://github.com/advisories/GHSA-m7jv-hq7h-mq7c","reference_id":"GHSA-m7jv-hq7h-mq7c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m7jv-hq7h-mq7c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3303","reference_id":"RHSA-2020:3303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3305","reference_id":"RHSA-2020:3305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3306","reference_id":"RHSA-2020:3306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3308","reference_id":"RHSA-2020:3308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3382","reference_id":"RHSA-2020:3382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3383","reference_id":"RHSA-2020:3383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3806","reference_id":"RHSA-2020:3806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4004","reference_id":"RHSA-2020:4004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5458","reference_id":"RHSA-2022:5458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5459","reference_id":"RHSA-2022:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5460","reference_id":"RHSA-2022:5460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5460"},{"reference_url":"https://usn.ubuntu.com/4596-1/","reference_id":"USN-4596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/891?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.105","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.105"},{"url":"http://public2.vulnerablecode.io/api/packages/731?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.57","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.57"},{"url":"http://public2.vulnerablecode.io/api/packages/581?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/439?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-qvgx-r4rr-xugp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7"}],"aliases":["CVE-2020-13935","GHSA-m7jv-hq7h-mq7c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p65m-6crd-bufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9170?format=json","vulnerability_id":"VCID-qvgx-r4rr-xugp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-24122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24122","reference_id":"","reference_type":"","scores":[{"value":"0.61383","scoring_system":"epss","scoring_elements":"0.98352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2"},{"reference_url":"https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177"},{"reference_url":"https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9"},{"reference_url":"https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533"},{"reference_url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24122","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24122"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210212-0008","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210212-0008"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/01/14/1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/01/14/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917209","reference_id":"1917209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917209"},{"reference_url":"https://security.archlinux.org/AVG-1452","reference_id":"AVG-1452","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122","reference_id":"CVE-2021-24122","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0494","reference_id":"RHSA-2021:0494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0495","reference_id":"RHSA-2021:0495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3425","reference_id":"RHSA-2021:3425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/883?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.107","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-n5t6-xtd3-hfa7"},{"vulnerability":"VCID-nz4k-nfug-tufw"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.107"},{"url":"http://public2.vulnerablecode.io/api/packages/710?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.60","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.60"},{"url":"http://public2.vulnerablecode.io/api/packages/460?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-x7wn-uamc-6bg5"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.40"},{"url":"http://public2.vulnerablecode.io/api/packages/414?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbye-dcrb-t3ev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M10"}],"aliases":["CVE-2021-24122","GHSA-2rvv-w9r2-rg7m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvgx-r4rr-xugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6165?format=json","vulnerability_id":"VCID-qxbw-zvw5-ckdp","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12418","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65589","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3"},{"reference_url":"https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00"},{"reference_url":"https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200107-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"reference_url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4251-1","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4251-1"},{"reference_url":"https://usn.ubuntu.com/4251-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4251-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785699","reference_id":"1785699","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418","reference_id":"CVE-2019-12418","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12418","reference_id":"CVE-2019-12418","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12418"},{"reference_url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r","reference_id":"GHSA-hh3j-x4mc-g48r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/896?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.99","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.99"},{"url":"http://public2.vulnerablecode.io/api/packages/744?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.49"},{"url":"http://public2.vulnerablecode.io/api/packages/594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.29"}],"aliases":["CVE-2019-12418","GHSA-hh3j-x4mc-g48r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxbw-zvw5-ckdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29215?format=json","vulnerability_id":"VCID-s2kf-jwgc-pfas","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755"},{"reference_url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa"},{"reference_url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e"},{"reference_url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508"},{"reference_url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/10","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512","reference_id":"2476512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512"},{"reference_url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m","reference_id":"2k654v5cq123npfsd1b2kk1y30owqb1m","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:22:38Z/"}],"url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514","reference_id":"CVE-2026-43514","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514"},{"reference_url":"https://github.com/advisories/GHSA-9m89-8frq-c98c","reference_id":"GHSA-9m89-8frq-c98c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9m89-8frq-c98c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43514","GHSA-9m89-8frq-c98c"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2kf-jwgc-pfas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8030?format=json","vulnerability_id":"VCID-t7xw-r7rz-u3g5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1938.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1938","reference_id":"","reference_type":"","scores":[{"value":"0.94469","scoring_system":"epss","scoring_elements":"0.99998","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1938"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23"},{"reference_url":"https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72"},{"reference_url":"https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75"},{"reference_url":"https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2"},{"reference_url":"https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153"},{"reference_url":"https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c"},{"reference_url":"https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19"},{"reference_url":"https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad"},{"reference_url":"https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150"},{"reference_url":"https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957"},{"reference_url":"https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb"},{"reference_url":"https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5"},{"reference_url":"https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75"},{"reference_url":"https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba"},{"reference_url":"https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645"},{"reference_url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200226-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200226-0002"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806398","reference_id":"1806398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1806398"},{"reference_url":"https://security.gentoo.org/glsa/202003-43","reference_id":"202003-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://security.gentoo.org/glsa/202003-43"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/","reference_id":"2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437","reference_id":"952437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437"},{"reference_url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739","reference_id":"articleDetail?articleNumber=000062739","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938","reference_id":"CVE-2020-1938","reference_type":"","scores":[{"value":"High","scoring_system":"apache_tomcat","scoring_elements":""},{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938"},{"reference_url":"https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/8bd38f4cf22331ecf4e48096a78c5931509c26be/CNVD-2020-10487-Tomcat-Ajp-lfi.py","reference_id":"CVE-2020-1938","reference_type":"exploit","scores":[],"url":"https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/8bd38f4cf22331ecf4e48096a78c5931509c26be/CNVD-2020-10487-Tomcat-Ajp-lfi.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48143.py","reference_id":"CVE-2020-1938","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/48143.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49039.rb","reference_id":"CVE-2020-1938","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49039.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1938","reference_id":"CVE-2020-1938","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1938"},{"reference_url":"https://www.debian.org/security/2020/dsa-4673","reference_id":"dsa-4673","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.debian.org/security/2020/dsa-4673"},{"reference_url":"https://www.debian.org/security/2020/dsa-4680","reference_id":"dsa-4680","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://www.debian.org/security/2020/dsa-4680"},{"reference_url":"https://github.com/advisories/GHSA-c9hw-wf7x-jp9j","reference_id":"GHSA-c9hw-wf7x-jp9j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9hw-wf7x-jp9j"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/","reference_id":"K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/","reference_id":"L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","reference_id":"msg00006.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200226-0002/","reference_id":"ntap-20200226-0002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200226-0002/"},{"reference_url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E","reference_id":"r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","reference_id":"r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E","reference_id":"r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E","reference_id":"r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E","reference_id":"r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E","reference_id":"r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E","reference_id":"r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E","reference_id":"r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E","reference_id":"r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E","reference_id":"r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E","reference_id":"r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E","reference_id":"r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E","reference_id":"r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E","reference_id":"r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E","reference_id":"r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","reference_id":"r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E","reference_id":"r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E","reference_id":"r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","reference_id":"rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E","reference_id":"rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E","reference_id":"rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E","reference_id":"rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E","reference_id":"rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E","reference_id":"rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E","reference_id":"rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E","reference_id":"rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E","reference_id":"re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","reference_id":"rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E","reference_id":"rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E","reference_id":"rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:05:38Z/"}],"url":"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0855","reference_id":"RHSA-2020:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0912","reference_id":"RHSA-2020:0912","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1478","reference_id":"RHSA-2020:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1479","reference_id":"RHSA-2020:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2779","reference_id":"RHSA-2020:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2780","reference_id":"RHSA-2020:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2781","reference_id":"RHSA-2020:2781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2783","reference_id":"RHSA-2020:2783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2840","reference_id":"RHSA-2020:2840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4847","reference_id":"RHSA-2020:4847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/897?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.100"},{"url":"http://public2.vulnerablecode.io/api/packages/740?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.51"},{"url":"http://public2.vulnerablecode.io/api/packages/590?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.31"}],"aliases":["CVE-2020-1938","GHSA-c9hw-wf7x-jp9j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7xw-r7rz-u3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27398?format=json","vulnerability_id":"VCID-t8tc-zb3w-57gv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38954","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/456?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/300?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-8sda-scr3-qfex"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-r6yr-45cm-8ucv"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52"},{"url":"http://public2.vulnerablecode.io/api/packages/296?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/220?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8tc-zb3w-57gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9437?format=json","vulnerability_id":"VCID-vfh6-rc99-e3bf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30640","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30957","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100"},{"reference_url":"https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f"},{"reference_url":"https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c"},{"reference_url":"https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0"},{"reference_url":"https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945"},{"reference_url":"https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7"},{"reference_url":"https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe"},{"reference_url":"https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38"},{"reference_url":"https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434"},{"reference_url":"https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b"},{"reference_url":"https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89"},{"reference_url":"https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56"},{"reference_url":"https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375"},{"reference_url":"https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43"},{"reference_url":"https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b"},{"reference_url":"https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef"},{"reference_url":"https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb"},{"reference_url":"https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e"},{"reference_url":"https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822"},{"reference_url":"https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972"},{"reference_url":"https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667"},{"reference_url":"https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9"},{"reference_url":"https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862"},{"reference_url":"https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51"},{"reference_url":"https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6"},{"reference_url":"https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30640","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30640"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210827-0007","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210827-0007"},{"reference_url":"https://www.debian.org/security/2021/dsa-4952","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4952"},{"reference_url":"https://www.debian.org/security/2021/dsa-4986","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981544","reference_id":"1981544","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046","reference_id":"991046","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640","reference_id":"CVE-2021-30640","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640"},{"reference_url":"https://security.gentoo.org/glsa/202208-34","reference_id":"GLSA-202208-34","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4861","reference_id":"RHSA-2021:4861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4863","reference_id":"RHSA-2021:4863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1179","reference_id":"RHSA-2022:1179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://usn.ubuntu.com/5360-1/","reference_id":"USN-5360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5360-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/881?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/718?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.65","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.65"},{"url":"http://public2.vulnerablecode.io/api/packages/715?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.66","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-64zy-xgrf-eba1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.66"},{"url":"http://public2.vulnerablecode.io/api/packages/568?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-x7wn-uamc-6bg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.45"},{"url":"http://public2.vulnerablecode.io/api/packages/565?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-64zy-xgrf-eba1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-x7wn-uamc-6bg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.46"},{"url":"http://public2.vulnerablecode.io/api/packages/426?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-vfh6-rc99-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/423?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-64zy-xgrf-eba1"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-tvrz-n2kd-pba4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.6"}],"aliases":["CVE-2021-30640","GHSA-36qh-35cm-5w2w"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfh6-rc99-e3bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8755?format=json","vulnerability_id":"VCID-yg5s-2fsb-gub2","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8022","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40408","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8022"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1172405","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1172405"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852863","reference_id":"1852863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852863"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8022","reference_id":"CVE-2020-8022","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8022"},{"reference_url":"https://github.com/advisories/GHSA-gc58-v8h3-x2gr","reference_id":"GHSA-gc58-v8h3-x2gr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc58-v8h3-x2gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/764?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/556?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fbxk-sjfu-eyf1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.35"}],"aliases":["CVE-2020-8022","GHSA-gc58-v8h3-x2gr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yg5s-2fsb-gub2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.96"}