Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.106

Type maven

Namespace org.apache.tomcat

Name tomcat-coyote-ffm

Version 9.0.106

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.0.117

Latest_non_vulnerable_version 11.0.21

Affected_by_vulnerabilities

url VCID-8qk1-ufax-eugz

vulnerability_id VCID-8qk1-ufax-eugz

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-29145

reference_id

reference_type

scores

value	0.00028
scoring_system	epss
scoring_elements	0.08602
published_at	2026-06-05T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08618
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-29145

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b

reference_url

https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b

reference_url

https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90

reference_url

https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/

url

https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-29145

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-29145

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/23

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/23

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457037
reference_id	2457037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457037

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145

reference_id

CVE-2026-29145

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145

reference_url	https://github.com/advisories/GHSA-95jq-rwvf-vjx4
reference_id	GHSA-95jq-rwvf-vjx4
reference_type
scores
url	https://github.com/advisories/GHSA-95jq-rwvf-vjx4

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.116

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.116

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.116

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.53

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.53

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.20

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.20

aliases CVE-2026-29145, GHSA-95jq-rwvf-vjx4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qk1-ufax-eugz

url VCID-s93z-rmw7-5bcw

vulnerability_id VCID-s93z-rmw7-5bcw

summary

Apache Tomcat Native OCSP verification bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.

When using an OCSP responder, Tomcat Native did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.

The vulnerable code is in the process_ocsp_response() function in sslutils.c, which was missing calls to OCSP_basic_verify(), OCSP_check_validity(), and OCSP_check_nonce().

This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.

Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24734

reference_id

reference_type

scores

value	0.00091
scoring_system	epss
scoring_elements	0.25786
published_at	2026-06-05T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25778
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24734

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:16:49Z/

url

https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2440426
reference_id	2440426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2440426

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734

reference_id

CVE-2026-24734

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24734

reference_id

CVE-2026-24734

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24734

reference_url

https://github.com/advisories/GHSA-mgp5-rv84-w37q

reference_id

GHSA-mgp5-rv84-w37q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mgp5-rv84-w37q

reference_url	https://access.redhat.com/errata/RHSA-2026:19054
reference_id	RHSA-2026:19054
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19054

reference_url	https://access.redhat.com/errata/RHSA-2026:5611
reference_id	RHSA-2026:5611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5611

reference_url	https://access.redhat.com/errata/RHSA-2026:5612
reference_id	RHSA-2026:5612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5612

reference_url	https://access.redhat.com/errata/RHSA-2026:6569
reference_id	RHSA-2026:6569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6569

reference_url	https://access.redhat.com/errata/RHSA-2026:8334
reference_id	RHSA-2026:8334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8334

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.115

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.115

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.115

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.52

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.52

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.18

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.18

aliases CVE-2026-24734, GHSA-mgp5-rv84-w37q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s93z-rmw7-5bcw

url VCID-z8df-aq4y-ubet

vulnerability_id VCID-z8df-aq4y-ubet

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34500

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.35191
published_at	2026-06-05T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35207
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34500

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208

reference_url

https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271

reference_url

https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f

reference_url

https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:21:50Z/

url

https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34500

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34500

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/29

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/29

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id	1133356
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id	1133357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457043
reference_id	2457043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457043

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500

reference_id

CVE-2026-34500

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500

reference_url	https://github.com/advisories/GHSA-24j9-x2wg-9qv6
reference_id	GHSA-24j9-x2wg-9qv6
reference_type
scores
url	https://github.com/advisories/GHSA-24j9-x2wg-9qv6

reference_url	https://access.redhat.com/errata/RHSA-2026:20405
reference_id	RHSA-2026:20405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20405

reference_url	https://access.redhat.com/errata/RHSA-2026:20406
reference_id	RHSA-2026:20406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20406

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.117
purl	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.117
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.117

url	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.54
purl	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.54
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.54

url	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.21
purl	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.21

aliases CVE-2026-34500, GHSA-24j9-x2wg-9qv6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8df-aq4y-ubet

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.106

Package Instance