Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
Typemaven
Namespaceorg.apache.tomcat
Nametomcat-catalina
Version11.0.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version11.0.2
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8mns-kw6c-a7dk
vulnerability_id VCID-8mns-kw6c-a7dk
summary 
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.

The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52316
reference_id
reference_type
scores
0
value 0.01353
scoring_system epss
scoring_elements 0.80071
published_at 2026-04-02T12:55:00Z
1
value 0.01353
scoring_system epss
scoring_elements 0.80109
published_at 2026-04-08T12:55:00Z
2
value 0.01353
scoring_system epss
scoring_elements 0.8008
published_at 2026-04-07T12:55:00Z
3
value 0.01353
scoring_system epss
scoring_elements 0.80092
published_at 2026-04-04T12:55:00Z
4
value 0.01828
scoring_system epss
scoring_elements 0.82897
published_at 2026-04-13T12:55:00Z
5
value 0.01828
scoring_system epss
scoring_elements 0.82901
published_at 2026-04-12T12:55:00Z
6
value 0.01828
scoring_system epss
scoring_elements 0.82906
published_at 2026-04-11T12:55:00Z
7
value 0.01828
scoring_system epss
scoring_elements 0.8289
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52316
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14
5
reference_url https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223
6
reference_url https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369
7
reference_url https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-18T14:50:59Z/
url https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52316
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52316
10
reference_url https://security.netapp.com/advisory/ntap-20250124-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250124-0003
11
reference_url http://www.openwall.com/lists/oss-security/2024/11/18/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/11/18/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326972
reference_id 2326972
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326972
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
reference_id CVE-2024-52316
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
14
reference_url https://github.com/advisories/GHSA-xcpr-7mr4-h4xq
reference_id GHSA-xcpr-7mr4-h4xq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xcpr-7mr4-h4xq
15
reference_url https://access.redhat.com/errata/RHSA-2025:3608
reference_id RHSA-2025:3608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3608
16
reference_url https://access.redhat.com/errata/RHSA-2025:3609
reference_id RHSA-2025:3609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3609
17
reference_url https://access.redhat.com/errata/RHSA-2025:7497
reference_id RHSA-2025:7497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7497
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96
purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.96
1
url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30
purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.30
2
url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
aliases CVE-2024-52316, GHSA-xcpr-7mr4-h4xq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-kw6c-a7dk
1
url VCID-j6cj-ftyd-3ffa
vulnerability_id VCID-j6cj-ftyd-3ffa
summary 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
Older, EOL versions may also be affected.


The vulnerability is limited to the ROOT (default) web application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
reference_id
reference_type
scores
0
value 0.11586
scoring_system epss
scoring_elements 0.93643
published_at 2026-04-13T12:55:00Z
1
value 0.11586
scoring_system epss
scoring_elements 0.93642
published_at 2026-04-12T12:55:00Z
2
value 0.11586
scoring_system epss
scoring_elements 0.93637
published_at 2026-04-09T12:55:00Z
3
value 0.11586
scoring_system epss
scoring_elements 0.93635
published_at 2026-04-08T12:55:00Z
4
value 0.11586
scoring_system epss
scoring_elements 0.93626
published_at 2026-04-07T12:55:00Z
5
value 0.13662
scoring_system epss
scoring_elements 0.94234
published_at 2026-04-04T12:55:00Z
6
value 0.13662
scoring_system epss
scoring_elements 0.94222
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
5
reference_url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
6
reference_url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
7
reference_url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
8
reference_url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/
url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20230921-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230921-0006
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
reference_id 2235370
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
16
reference_url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
reference_id GHSA-q3mw-pvr8-9ggc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
17
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
22
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
23
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
24
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
25
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
26
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93
purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mns-kw6c-a7dk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.93
1
url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80
purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mns-kw6c-a7dk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.80
2
url pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13
purl pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mns-kw6c-a7dk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.13
3
url pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1
aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6cj-ftyd-3ffa
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.1