Package details: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2
purl pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2
Next non-vulnerable version 11.0.6
Latest non-vulnerable version 11.0.8
Risk 4.4
Vulnerabilities affecting this package (1)
Vulnerability: VCID-yzt8-watu-qkcs
Aliases: CVE-2025-31651, GHSA-ff77-26x5-69cr
Summary: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
Fixed by: 11.0.6 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (3)
Vulnerability: VCID-2kcn-vmty-hyc5
Aliases: CVE-2024-50379, GHSA-5j33-cvvr-w245
Summary: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Vulnerability: VCID-f414-dkxe-ckdp
Aliases: CVE-2024-54677, GHSA-653p-vg55-5652
Summary: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Vulnerability: VCID-g1y6-gy6q-kbfm
Aliases: CVE-2024-56337, GHSA-27hp-xhwr-wr2m
Summary: Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:20:47.692717+00:00 GitLab Importer Affected by VCID-yzt8-watu-qkcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml 36.1.3
2025-06-20T17:14:22.295977+00:00 GitLab Importer Fixing VCID-g1y6-gy6q-kbfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-56337.yml 36.1.3
2025-06-20T17:13:57.248648+00:00 GitLab Importer Fixing VCID-2kcn-vmty-hyc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-50379.yml 36.1.3
2025-06-20T17:13:56.932930+00:00 GitLab Importer Fixing VCID-f414-dkxe-ckdp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-54677.yml 36.1.3
2025-06-03T23:55:42.323457+00:00 GitLab Importer Affected by VCID-yzt8-watu-qkcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml 36.1.0
2025-06-03T23:49:48.415646+00:00 GitLab Importer Fixing VCID-g1y6-gy6q-kbfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-56337.yml 36.1.0
2025-06-03T23:49:23.907737+00:00 GitLab Importer Fixing VCID-2kcn-vmty-hyc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-50379.yml 36.1.0
2025-06-03T23:49:23.593709+00:00 GitLab Importer Fixing VCID-f414-dkxe-ckdp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-54677.yml 36.1.0
2025-06-02T23:54:36.634554+00:00 GitLab Importer Affected by VCID-yzt8-watu-qkcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml 36.1.2
2025-06-02T23:48:33.153625+00:00 GitLab Importer Fixing VCID-g1y6-gy6q-kbfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-56337.yml 36.1.2
2025-06-02T23:48:07.970691+00:00 GitLab Importer Fixing VCID-2kcn-vmty-hyc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-50379.yml 36.1.2
2025-06-02T23:48:07.599153+00:00 GitLab Importer Fixing VCID-f414-dkxe-ckdp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-54677.yml 36.1.2
2025-05-29T23:36:37.307855+00:00 GitLab Importer Affected by VCID-yzt8-watu-qkcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2025-31651.yml 36.0.0
2025-04-04T11:32:35.935178+00:00 GithubOSV Importer Fixing VCID-f414-dkxe-ckdp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json 36.0.0
2025-04-03T22:36:37.236102+00:00 GitLab Importer Fixing VCID-2kcn-vmty-hyc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-50379.yml 36.0.0
2025-03-28T20:12:46.261779+00:00 GHSA Importer Fixing VCID-f414-dkxe-ckdp https://github.com/advisories/GHSA-653p-vg55-5652 36.0.0
2025-03-28T16:49:33.502703+00:00 GitLab Importer Fixing VCID-g1y6-gy6q-kbfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-56337.yml 36.0.0
2025-03-28T16:49:30.213545+00:00 GitLab Importer Fixing VCID-f414-dkxe-ckdp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-54677.yml 36.0.0
2025-01-17T02:47:57.549314+00:00 GHSA Importer Fixing VCID-g1y6-gy6q-kbfm https://github.com/advisories/GHSA-27hp-xhwr-wr2m 35.1.0
2025-01-17T02:47:54.032795+00:00 GHSA Importer Fixing VCID-2kcn-vmty-hyc5 https://github.com/advisories/GHSA-5j33-cvvr-w245 35.1.0
2025-01-16T23:29:01.028652+00:00 GitLab Importer Fixing VCID-f414-dkxe-ckdp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-54677.yml 35.1.0
2025-01-16T23:28:57.637985+00:00 GitLab Importer Fixing VCID-2kcn-vmty-hyc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2024-50379.yml 35.1.0
2025-01-16T20:08:42.319638+00:00 GithubOSV Importer Fixing VCID-2kcn-vmty-hyc5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json 35.1.0
2025-01-16T20:08:37.440064+00:00 GithubOSV Importer Fixing VCID-g1y6-gy6q-kbfm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-27hp-xhwr-wr2m/GHSA-27hp-xhwr-wr2m.json 35.1.0
2024-12-23T15:32:35.199584+00:00 GHSA Importer Fixing VCID-g1y6-gy6q-kbfm https://github.com/advisories/GHSA-27hp-xhwr-wr2m 35.0.0
2024-12-19T22:31:49.868407+00:00 GHSA Importer Fixing VCID-f414-dkxe-ckdp https://github.com/advisories/GHSA-653p-vg55-5652 35.0.0
2024-12-19T22:31:46.309693+00:00 GHSA Importer Fixing VCID-2kcn-vmty-hyc5 https://github.com/advisories/GHSA-5j33-cvvr-w245 35.0.0
2024-12-18T04:22:51.285170+00:00 GithubOSV Importer Fixing VCID-f414-dkxe-ckdp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json 35.0.0
2024-12-18T04:21:48.126223+00:00 GithubOSV Importer Fixing VCID-2kcn-vmty-hyc5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-5j33-cvvr-w245/GHSA-5j33-cvvr-w245.json 35.0.0