{"url":"http://public2.vulnerablecode.io/api/packages/880?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.62","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"9.0.62","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.117","latest_non_vulnerable_version":"11.0.21","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4446?format=json","vulnerability_id":"VCID-b3bb-9ajg-sfc9","summary":"Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46589","reference_id":"","reference_type":"","scores":[{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97895","published_at":"2026-04-16T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97885","published_at":"2026-04-11T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97882","published_at":"2026-04-09T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97875","published_at":"2026-04-07T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.97871","published_at":"2026-04-02T12:55:00Z"},{"value":"0.51432","scoring_system":"epss","scoring_elements":"0.9788","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46589"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b"},{"reference_url":"https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd"},{"reference_url":"https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642"},{"reference_url":"https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08"},{"reference_url":"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/"}],"url":"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0009"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/11/28/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/11/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082","reference_id":"1057082","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252050","reference_id":"2252050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252050"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589","reference_id":"CVE-2023-46589","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46589","reference_id":"CVE-2023-46589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46589"},{"reference_url":"https://github.com/advisories/GHSA-fccv-jmmp-qg76","reference_id":"GHSA-fccv-jmmp-qg76","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fccv-jmmp-qg76"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0532","reference_id":"RHSA-2024:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0539","reference_id":"RHSA-2024:0539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1092","reference_id":"RHSA-2024:1092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1134","reference_id":"RHSA-2024:1134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1318","reference_id":"RHSA-2024:1318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1319","reference_id":"RHSA-2024:1319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1324","reference_id":"RHSA-2024:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1325","reference_id":"RHSA-2024:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1325"},{"reference_url":"https://usn.ubuntu.com/7032-1/","reference_id":"USN-7032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.83","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8war-4v58-eub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83"},{"url":"http://public2.vulnerablecode.io/api/packages/693?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/622?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-n9yk-e49f-n7e7"},{"vulnerability":"VCID-rzj2-4kcj-43dq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11"},{"url":"http://public2.vulnerablecode.io/api/packages/605?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-43j2-w5xt-43g9"},{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-gvhy-d4gm-57d3"},{"vulnerability":"VCID-v8ku-sjc8-wfga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1"}],"aliases":["CVE-2023-46589","GHSA-fccv-jmmp-qg76"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3bb-9ajg-sfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4452?format=json","vulnerability_id":"VCID-nmq2-8ysj-4fbc","summary":"If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42252","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34868","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37438","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40929","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42252"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920"},{"reference_url":"https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77"},{"reference_url":"https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a"},{"reference_url":"https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3"},{"reference_url":"https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/"}],"url":"https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42252","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42252"},{"reference_url":"https://security.gentoo.org/glsa/202305-37","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/"}],"url":"https://security.gentoo.org/glsa/202305-37"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141329","reference_id":"2141329","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252","reference_id":"CVE-2022-42252","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252"},{"reference_url":"https://github.com/advisories/GHSA-p22x-g9px-3945","reference_id":"GHSA-p22x-g9px-3945","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p22x-g9px-3945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1663","reference_id":"RHSA-2023:1663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1664","reference_id":"RHSA-2023:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1664"},{"reference_url":"https://usn.ubuntu.com/6880-1/","reference_id":"USN-6880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6880-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/868?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.68"},{"url":"http://public2.vulnerablecode.io/api/packages/721?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/714?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1"}],"aliases":["CVE-2022-42252","GHSA-p22x-g9px-3945"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmq2-8ysj-4fbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4453?format=json","vulnerability_id":"VCID-p8q2-pt96-5ye8","summary":"In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34305","reference_id":"","reference_type":"","scores":[{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94966","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94933","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94935","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94936","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94945","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94948","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94953","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94955","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16853","scoring_system":"epss","scoring_elements":"0.94958","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34305"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1a7e95d9c3ef18c4efb5eb997fd1553a71dc6c80"},{"reference_url":"https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7"},{"reference_url":"https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac"},{"reference_url":"https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c"},{"reference_url":"https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34305","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34305"},{"reference_url":"https://security.gentoo.org/glsa/202208-34","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-34"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220729-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220729-0006/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/23/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/06/23/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102817","reference_id":"2102817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305","reference_id":"CVE-2022-34305","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305"},{"reference_url":"https://github.com/advisories/GHSA-6j88-6whg-x687","reference_id":"GHSA-6j88-6whg-x687","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6j88-6whg-x687"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/877?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.65","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.65"},{"url":"http://public2.vulnerablecode.io/api/packages/724?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-p8q2-pt96-5ye8"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/725?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.23"},{"url":"http://public2.vulnerablecode.io/api/packages/729?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M17"}],"aliases":["CVE-2022-34305","GHSA-6j88-6whg-x687"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8q2-pt96-5ye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4454?format=json","vulnerability_id":"VCID-qkx6-32cj-jfbp","summary":"The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29885","reference_id":"","reference_type":"","scores":[{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.98081","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55532","scoring_system":"epss","scoring_elements":"0.9808","published_at":"2026-04-12T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98205","published_at":"2026-04-09T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98204","published_at":"2026-04-08T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.58505","scoring_system":"epss","scoring_elements":"0.98195","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29885"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0fa7721f11d565a2cd2e44366c388ad6a3e6357d"},{"reference_url":"https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/36826ea638457d7e17876a70f89cb435b6db0d91"},{"reference_url":"https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890"},{"reference_url":"https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48"},{"reference_url":"https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220629-0002"},{"reference_url":"https://www.debian.org/security/2022/dsa-5265","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5265"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2093014","reference_id":"2093014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2093014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885","reference_id":"CVE-2022-29885","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py","reference_id":"CVE-2022-29885","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/51262.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29885","reference_id":"CVE-2022-29885","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29885"},{"reference_url":"https://github.com/advisories/GHSA-r84p-88g2-2vx2","reference_id":"GHSA-r84p-88g2-2vx2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r84p-88g2-2vx2"},{"reference_url":"https://usn.ubuntu.com/6943-1/","reference_id":"USN-6943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/881?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.63","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-p8q2-pt96-5ye8"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.63"},{"url":"http://public2.vulnerablecode.io/api/packages/733?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-p8q2-pt96-5ye8"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/737?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M15"},{"url":"http://public2.vulnerablecode.io/api/packages/714?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1"}],"aliases":["CVE-2022-29885","GHSA-r84p-88g2-2vx2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkx6-32cj-jfbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4451?format=json","vulnerability_id":"VCID-stds-vw5z-auhp","summary":"The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45143","reference_id":"","reference_type":"","scores":[{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74365","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74393","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74372","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00819","scoring_system":"epss","scoring_elements":"0.74324","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf"},{"reference_url":"https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa"},{"reference_url":"https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e"},{"reference_url":"https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/"}],"url":"https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45143","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45143"},{"reference_url":"https://security.gentoo.org/glsa/202305-37","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/"}],"url":"https://security.gentoo.org/glsa/202305-37"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2158695","reference_id":"2158695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2158695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143","reference_id":"CVE-2022-45143","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143"},{"reference_url":"https://github.com/advisories/GHSA-rq2w-37h9-vg94","reference_id":"GHSA-rq2w-37h9-vg94","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rq2w-37h9-vg94"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1663","reference_id":"RHSA-2023:1663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1664","reference_id":"RHSA-2023:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/869?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.69","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3bb-9ajg-sfc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.69"},{"url":"http://public2.vulnerablecode.io/api/packages/715?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-b3bb-9ajg-sfc9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.2"}],"aliases":["CVE-2022-45143","GHSA-rq2w-37h9-vg94"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stds-vw5z-auhp"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4455?format=json","vulnerability_id":"VCID-j8tk-s915-pbfy","summary":"The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43980","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48063","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48052","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48051","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48035","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48005","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48075","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43980"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1"},{"reference_url":"https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13"},{"reference_url":"https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb"},{"reference_url":"https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc"},{"reference_url":"https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/"}],"url":"https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43980","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43980"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5265","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/"}],"url":"https://www.debian.org/security/2022/dsa-5265"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/28/1","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/28/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130599","reference_id":"2130599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980","reference_id":"CVE-2021-43980","reference_type":"","scores":[{"value":"High","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980"},{"reference_url":"https://github.com/advisories/GHSA-jx7c-7mj5-9438","reference_id":"GHSA-jx7c-7mj5-9438","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx7c-7mj5-9438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7272","reference_id":"RHSA-2022:7272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7273","reference_id":"RHSA-2022:7273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1028?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.78","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-g7bk-891a-uufy"},{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-p8q2-pt96-5ye8"},{"vulnerability":"VCID-qkx6-32cj-jfbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.78"},{"url":"http://public2.vulnerablecode.io/api/packages/880?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.62","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-p8q2-pt96-5ye8"},{"vulnerability":"VCID-qkx6-32cj-jfbp"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.62"},{"url":"http://public2.vulnerablecode.io/api/packages/732?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmq2-8ysj-4fbc"},{"vulnerability":"VCID-p8q2-pt96-5ye8"},{"vulnerability":"VCID-qkx6-32cj-jfbp"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/736?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-qkx6-32cj-jfbp"},{"vulnerability":"VCID-wptr-hkjx-s7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M14"},{"url":"http://public2.vulnerablecode.io/api/packages/714?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8war-4v58-eub2"},{"vulnerability":"VCID-b3bb-9ajg-sfc9"},{"vulnerability":"VCID-stds-vw5z-auhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.1"}],"aliases":["CVE-2021-43980","GHSA-jx7c-7mj5-9438"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8tk-s915-pbfy"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.62"}