Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@10.1.16
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version10.1.16
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version10.1.19
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-zba8-2zc4-9qfh
vulnerability_id VCID-zba8-2zc4-9qfh
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 does not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
references
0
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
url https://github.com/apache/tomcat
1
reference_url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
2
reference_url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
3
reference_url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
4
reference_url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
5
reference_url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
reference_id
reference_type
scores
url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
6
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
7
reference_url https://security.netapp.com/advisory/ntap-20231214-0009
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0009
8
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-10.html
9
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-11.html
10
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-8.html
11
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-9.html
12
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2023/11/28/2
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
14
reference_url https://github.com/advisories/GHSA-fccv-jmmp-qg76
reference_id GHSA-fccv-jmmp-qg76
reference_type
scores
url https://github.com/advisories/GHSA-fccv-jmmp-qg76
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.96
purl pkg:maven/org.apache.tomcat/tomcat@8.5.96
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.96
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.83
purl pkg:maven/org.apache.tomcat/tomcat@9.0.83
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s93z-rmw7-5bcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83
2
url pkg:maven/org.apache.tomcat/tomcat@10.1.16
purl pkg:maven/org.apache.tomcat/tomcat@10.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16
aliases CVE-2023-46589, GHSA-fccv-jmmp-qg76
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zba8-2zc4-9qfh
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16