{"url":"http://public2.vulnerablecode.io/api/packages/52390?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.2","type":"maven","namespace":"org.apache.tomcat.embed","name":"tomcat-embed-core","version":"11.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.0.9","latest_non_vulnerable_version":"11.0.21","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4422?format=json","vulnerability_id":"VCID-fpgj-82wf-ykbw","summary":"Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53506","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55445","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62476","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62425","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.6251","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62527","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.6252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62478","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.625","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62511","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63467","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63498","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.7941","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb"},{"reference_url":"https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b"},{"reference_url":"https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b"},{"reference_url":"https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/"}],"url":"https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53506"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/07/10/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/07/10/13"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113","reference_id":"1109113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114","reference_id":"1109114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379386","reference_id":"2379386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506","reference_id":"CVE-2025-53506","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506"},{"reference_url":"https://github.com/advisories/GHSA-25xr-qj8w-c4vf","reference_id":"GHSA-25xr-qj8w-c4vf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25xr-qj8w-c4vf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11695","reference_id":"RHSA-2025:11695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11696","reference_id":"RHSA-2025:11696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11741","reference_id":"RHSA-2025:11741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11742","reference_id":"RHSA-2025:11742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70498?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9"}],"aliases":["CVE-2025-53506","GHSA-25xr-qj8w-c4vf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpgj-82wf-ykbw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4432?format=json","vulnerability_id":"VCID-43j2-w5xt-43g9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56337","reference_id":"","reference_type":"","scores":[{"value":"0.10166","scoring_system":"epss","scoring_elements":"0.93163","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10166","scoring_system":"epss","scoring_elements":"0.93148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11183","scoring_system":"epss","scoring_elements":"0.93469","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93602","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93642","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93644","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93646","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93637","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.9363","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93611","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.9361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93604","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93592","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11486","scoring_system":"epss","scoring_elements":"0.93593","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56337"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/"}],"url":"https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56337","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56337"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0002","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0002"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2024-50379","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T13:28:46Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2024-50379"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333521","reference_id":"2333521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337","reference_id":"CVE-2024-56337","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337"},{"reference_url":"https://github.com/advisories/GHSA-27hp-xhwr-wr2m","reference_id":"GHSA-27hp-xhwr-wr2m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27hp-xhwr-wr2m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11332","reference_id":"RHSA-2025:11332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11333","reference_id":"RHSA-2025:11333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11334","reference_id":"RHSA-2025:11334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11335","reference_id":"RHSA-2025:11335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11381","reference_id":"RHSA-2025:11381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11382","reference_id":"RHSA-2025:11382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4521","reference_id":"RHSA-2025:4521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4522","reference_id":"RHSA-2025:4522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4522"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52394?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.98","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpgj-82wf-ykbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.98"},{"url":"http://public2.vulnerablecode.io/api/packages/52392?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpgj-82wf-ykbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.34"},{"url":"http://public2.vulnerablecode.io/api/packages/52390?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpgj-82wf-ykbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.2"}],"aliases":["CVE-2024-56337","GHSA-27hp-xhwr-wr2m"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43j2-w5xt-43g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4434?format=json","vulnerability_id":"VCID-v8ku-sjc8-wfga","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50379","reference_id":"","reference_type":"","scores":[{"value":"0.8616","scoring_system":"epss","scoring_elements":"0.99402","published_at":"2026-04-21T12:55:00Z"},{"value":"0.8616","scoring_system":"epss","scoring_elements":"0.99403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99408","published_at":"2026-04-04T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99414","published_at":"2026-04-13T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99413","published_at":"2026-04-12T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99411","published_at":"2026-04-09T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.9941","published_at":"2026-04-08T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99409","published_at":"2026-04-07T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99416","published_at":"2026-04-18T12:55:00Z"},{"value":"0.86495","scoring_system":"epss","scoring_elements":"0.99417","published_at":"2026-04-16T12:55:00Z"},{"value":"0.87309","scoring_system":"epss","scoring_elements":"0.9946","published_at":"2026-05-07T12:55:00Z"},{"value":"0.87447","scoring_system":"epss","scoring_elements":"0.99451","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50379"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f"},{"reference_url":"https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00"},{"reference_url":"https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41"},{"reference_url":"https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842"},{"reference_url":"https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2"},{"reference_url":"https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c"},{"reference_url":"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-17T16:54:54Z/"}],"url":"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50379","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50379"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0003"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/17/4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/17/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/18/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332817","reference_id":"2332817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379","reference_id":"CVE-2024-50379","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379"},{"reference_url":"https://github.com/advisories/GHSA-5j33-cvvr-w245","reference_id":"GHSA-5j33-cvvr-w245","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5j33-cvvr-w245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0342","reference_id":"RHSA-2025:0342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0343","reference_id":"RHSA-2025:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0361","reference_id":"RHSA-2025:0361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0362","reference_id":"RHSA-2025:0362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1920","reference_id":"RHSA-2025:1920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3645","reference_id":"RHSA-2025:3645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3646","reference_id":"RHSA-2025:3646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3647","reference_id":"RHSA-2025:3647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3683","reference_id":"RHSA-2025:3683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3684","reference_id":"RHSA-2025:3684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3684"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52394?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.98","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpgj-82wf-ykbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.98"},{"url":"http://public2.vulnerablecode.io/api/packages/52392?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpgj-82wf-ykbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.34"},{"url":"http://public2.vulnerablecode.io/api/packages/52390?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpgj-82wf-ykbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.2"}],"aliases":["CVE-2024-50379","GHSA-5j33-cvvr-w245"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8ku-sjc8-wfga"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.2"}