VulnerableCode Package Details - pkg:maven/org.apache.tomcat/coyote@9.0.81

Search for packages

Vulnerability	Summary	Fixed by
VCID-5hpn-smw4-pqcs Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v	Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.	There are no reported fixed by versions.
VCID-pjyw-m6xk-9qbb Aliases: CVE-2023-45648 GHSA-r6j3-px5g-cq3x	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-5hpn-smw4-pqcs
Aliases:
CVE-2023-42795
GHSA-g8pj-r55q-5c2v

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

There are no reported fixed by versions.

VCID-pjyw-m6xk-9qbb
Aliases:
CVE-2023-45648
GHSA-r6j3-px5g-cq3x

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T09:30:14.924605+00:00	GitLab Importer	Affected by	VCID-pjyw-m6xk-9qbb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-45648.yml	37.0.0
2025-07-31T09:30:12.104800+00:00	GitLab Importer	Affected by	VCID-5hpn-smw4-pqcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-42795.yml	37.0.0

2025-07-31T09:30:14.924605+00:00

GitLab Importer

Affected by

VCID-pjyw-m6xk-9qbb

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-45648.yml

37.0.0

2025-07-31T09:30:12.104800+00:00

GitLab Importer

Affected by

VCID-5hpn-smw4-pqcs

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-42795.yml

37.0.0

purl	pkg:maven/org.apache.tomcat/coyote@9.0.81
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0