Look up vulnerable packages by Package URL.

purl pkg:maven/org.apache.tomcat/tomcat@9.0.20
type maven
namespace org.apache.tomcat
name tomcat
version 9.0.20
qualifiers
subpath
is_vulnerable false
next_non_vulnerable_version 9.0.35
latest_non_vulnerable_version 11.0.18
affected_by_vulnerabilities
fixing_vulnerabilities
0
url VCID-rk89-9dw5-w3gg
vulnerability_id VCID-rk89-9dw5-w3gg
summary
Improper Resource Shutdown or Release
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors.
references
0
reference_url https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
reference_id
reference_type
scores
url https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25762
reference_id CVE-2022-25762
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25762
2
reference_url https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
reference_id GHSA-h3ch-5pp2-vh6w
reference_type
scores
url https://github.com/advisories/GHSA-h3ch-5pp2-vh6w
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.75
purl pkg:maven/org.apache.tomcat/tomcat@8.5.75
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.75
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.20
purl pkg:maven/org.apache.tomcat/tomcat@9.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.20
aliases CVE-2022-25762, GHSA-h3ch-5pp2-vh6w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk89-9dw5-w3gg
1
url VCID-xns8-63b5-guf2
vulnerability_id VCID-xns8-63b5-guf2
summary
Uncontrolled Resource Consumption
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat. By not sending `WINDOW_UPDATE` messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:3929
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3929
2
reference_url https://access.redhat.com/errata/RHSA-2019:3931
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3931
3
reference_url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
8
reference_url https://security.netapp.com/advisory/ntap-20190625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190625-0002/
9
reference_url https://support.f5.com/csp/article/K17321505
reference_id
reference_type
scores
url https://support.f5.com/csp/article/K17321505
10
reference_url https://usn.ubuntu.com/4128-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4128-1/
11
reference_url https://usn.ubuntu.com/4128-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4128-2/
12
reference_url https://www.debian.org/security/2020/dsa-4680
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4680
13
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
14
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2020.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2020.html
17
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
18
reference_url https://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
url https://www.securityfocus.com/bid/108874
19
reference_url https://www.synology.com/security/advisory/Synology_SA_19_29
reference_id
reference_type
scores
url https://www.synology.com/security/advisory/Synology_SA_19_29
20
reference_url http://www.securityfocus.com/bid/108874
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108874
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10072
reference_id CVE-2019-10072
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10072
22
reference_url https://github.com/advisories/GHSA-q4hg-rmq2-52q9
reference_id GHSA-q4hg-rmq2-52q9
reference_type
scores
url https://github.com/advisories/GHSA-q4hg-rmq2-52q9
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.41
purl pkg:maven/org.apache.tomcat/tomcat@8.5.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.41
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.20
purl pkg:maven/org.apache.tomcat/tomcat@9.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.20
aliases CVE-2019-10072, GHSA-q4hg-rmq2-52q9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xns8-63b5-guf2
risk_score null
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.20