{"url":"http://public2.vulnerablecode.io/api/packages/840?format=json","purl":"pkg:apache/tomcat@9.0.13","type":"apache","namespace":"","name":"tomcat","version":"9.0.13","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.16","latest_non_vulnerable_version":"11.0.21","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4439?format=json","vulnerability_id":"VCID-3vdn-j7sj-dfdn","summary":"Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38286","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60805","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60806","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60814","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60822","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60801","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60828","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60779","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60798","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60812","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6079","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60761","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60731","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3197862639732e16ec1164557bcd289ebc116c93"},{"reference_url":"https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543"},{"reference_url":"https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13"},{"reference_url":"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:33:49Z/"}],"url":"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38286","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38286"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241101-0010","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241101-0010"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/09/23/2","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/09/23/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314686","reference_id":"2314686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286","reference_id":"CVE-2024-38286","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286"},{"reference_url":"https://github.com/advisories/GHSA-7jqf-v358-p8g7","reference_id":"GHSA-7jqf-v358-p8g7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jqf-v358-p8g7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4976","reference_id":"RHSA-2024:4976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4977","reference_id":"RHSA-2024:4977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5024","reference_id":"RHSA-2024:5024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5025","reference_id":"RHSA-2024:5025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5693","reference_id":"RHSA-2024:5693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5694","reference_id":"RHSA-2024:5694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5695","reference_id":"RHSA-2024:5695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5696","reference_id":"RHSA-2024:5696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8494","reference_id":"RHSA-2024:8494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8497","reference_id":"RHSA-2024:8497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8528","reference_id":"RHSA-2024:8528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8543","reference_id":"RHSA-2024:8543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8567","reference_id":"RHSA-2024:8567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8572","reference_id":"RHSA-2024:8572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8572"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/837?format=json","purl":"pkg:apache/tomcat@9.0.90","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.90"},{"url":"http://public2.vulnerablecode.io/api/packages/683?format=json","purl":"pkg:apache/tomcat@10.1.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.25"},{"url":"http://public2.vulnerablecode.io/api/packages/613?format=json","purl":"pkg:apache/tomcat@11.0.0-M21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M21"}],"aliases":["CVE-2024-38286","GHSA-7jqf-v358-p8g7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-j7sj-dfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351080?format=json","vulnerability_id":"VCID-d1fm-vbd1-n7au","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24008","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23977","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23854","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23764","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2368","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23801","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23995","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150"},{"reference_url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d"},{"reference_url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976"},{"reference_url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/"}],"url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/28"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038","reference_id":"2457038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487","reference_id":"CVE-2026-34487","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487"},{"reference_url":"https://github.com/advisories/GHSA-x4m4-345f-5h5g","reference_id":"GHSA-x4m4-345f-5h5g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4m4-345f-5h5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1059920?format=json","purl":"pkg:apache/tomcat@9.0.117","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/1059915?format=json","purl":"pkg:apache/tomcat@10.1.54","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/1059906?format=json","purl":"pkg:apache/tomcat@11.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.21"}],"aliases":["CVE-2026-34487","GHSA-x4m4-345f-5h5g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1fm-vbd1-n7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4454?format=json","vulnerability_id":"VCID-qkx6-32cj-jfbp","summary":"The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29885","reference_id":"","reference_type":"","scores":[{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98088","published_at":"2026-04-18T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98094","published_at":"2026-05-07T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98095","published_at":"2026-05-05T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98089","published_at":"2026-04-29T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98086","published_at":"2026-04-26T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98084","published_at":"2026-04-24T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98081","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.9808","published_at":"2026-04-12T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98205","published_at":"2026-04-09T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98204","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29885"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d"},{"reference_url":"https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91"},{"reference_url":"https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890"},{"reference_url":"https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48"},{"reference_url":"https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220629-0002"},{"reference_url":"https://www.debian.org/security/2022/dsa-5265","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5265"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2093014","reference_id":"2093014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2093014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885","reference_id":"CVE-2022-29885","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py","reference_id":"CVE-2022-29885","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29885","reference_id":"CVE-2022-29885","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29885"},{"reference_url":"https://github.com/advisories/GHSA-r84p-88g2-2vx2","reference_id":"GHSA-r84p-88g2-2vx2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r84p-88g2-2vx2"},{"reference_url":"https://usn.ubuntu.com/6943-1/","reference_id":"USN-6943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/879?format=json","purl":"pkg:apache/tomcat@9.0.63","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.63"},{"url":"http://public2.vulnerablecode.io/api/packages/731?format=json","purl":"pkg:apache/tomcat@10.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/735?format=json","purl":"pkg:apache/tomcat@10.1.0-M15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M15"}],"aliases":["CVE-2022-29885","GHSA-r84p-88g2-2vx2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkx6-32cj-jfbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351081?format=json","vulnerability_id":"VCID-yrzk-1dbk-muhy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28141","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28379","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28454","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27966","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27903","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28063","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c"},{"reference_url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/"}],"url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/24"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020","reference_id":"2457020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146"},{"reference_url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8","reference_id":"GHSA-h468-7pvh-8vr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1059919?format=json","purl":"pkg:apache/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-abt4-b2cv-eygv"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-yrzk-1dbk-muhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/1059920?format=json","purl":"pkg:apache/tomcat@9.0.117","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/1059914?format=json","purl":"pkg:apache/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-abt4-b2cv-eygv"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-yrzk-1dbk-muhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/1059915?format=json","purl":"pkg:apache/tomcat@10.1.54","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/1059905?format=json","purl":"pkg:apache/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-abt4-b2cv-eygv"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-yrzk-1dbk-muhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/1059906?format=json","purl":"pkg:apache/tomcat@11.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.21"}],"aliases":["CVE-2026-29146","GHSA-h468-7pvh-8vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzk-1dbk-muhy"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.13"}