{"url":"http://public2.vulnerablecode.io/api/packages/57768?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-util@8.5.37","type":"maven","namespace":"org.apache.tomcat","name":"tomcat-util","version":"8.5.37","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.40","latest_non_vulnerable_version":"10.1.16","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40903?format=json","vulnerability_id":"VCID-1kgu-zupu-tydw","summary":"Uncontrolled Resource Consumption\nThe HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of `SETTINGS` frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0199","reference_id":"CVE-2019-0199","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0199"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57770?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-util@8.5.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@8.5.38"},{"url":"http://public2.vulnerablecode.io/api/packages/57771?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-util@9.0.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@9.0.16"}],"aliases":["CVE-2019-0199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kgu-zupu-tydw"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@8.5.37"}