VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.40

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-yzt8-watu-qkcs	Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.	CVE-2025-31651 GHSA-ff77-26x5-69cr

Vulnerability

Summary

Aliases

VCID-yzt8-watu-qkcs

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

CVE-2025-31651
GHSA-ff77-26x5-69cr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:20:47.633157+00:00	GitLab Importer	Fixing	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml	36.1.3
2025-06-03T23:55:42.273806+00:00	GitLab Importer	Fixing	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml	36.1.0
2025-06-02T23:54:36.575264+00:00	GitLab Importer	Fixing	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml	36.1.2
2025-05-29T00:08:25.723401+00:00	GitLab Importer	Fixing	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml	36.0.0
2025-04-29T20:54:08.802525+00:00	GithubOSV Importer	Fixing	VCID-yzt8-watu-qkcs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-ff77-26x5-69cr/GHSA-ff77-26x5-69cr.json	36.0.0
2025-04-29T20:43:37.629420+00:00	GHSA Importer	Fixing	VCID-yzt8-watu-qkcs	https://github.com/advisories/GHSA-ff77-26x5-69cr	36.0.0