VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-util@10.1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-e318-2aad-aaag Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.	10.1.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 0 other vulnerabilities.
VCID-pcvp-wv2z-aaas Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	10.1.16 Affected by 0 other vulnerabilities. 11.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-e318-2aad-aaag
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.

10.1.13
Affected by 1 other vulnerability.

11.0.1
Affected by 0 other vulnerabilities.

VCID-pcvp-wv2z-aaas
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

10.1.16
Affected by 0 other vulnerabilities.

11.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a1en-zn2z-aaab	Apache Tomcat Race Condition vulnerability	CVE-2021-43980 GHSA-jx7c-7mj5-9438

Vulnerability

Summary

Aliases

VCID-a1en-zn2z-aaab

Apache Tomcat Race Condition vulnerability

CVE-2021-43980
GHSA-jx7c-7mj5-9438

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:48:40.886645+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.3
2025-06-20T16:40:57.135927+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.3
2025-06-20T16:40:56.005684+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.3
2025-06-20T16:07:48.913592+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	36.1.3
2025-06-20T16:07:44.461973+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.3
2025-06-03T23:26:15.961918+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.0
2025-06-03T23:19:34.430317+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.0
2025-06-03T23:19:33.490884+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.0
2025-06-03T22:47:53.074713+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	36.1.0
2025-06-03T22:47:48.951995+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.0
2025-06-02T23:23:50.853482+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.2
2025-06-02T23:16:39.399994+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.2
2025-06-02T23:16:38.276228+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.2
2025-06-02T22:37:17.145043+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	36.1.2
2025-06-02T22:37:12.105709+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.2
2025-04-03T21:46:42.819062+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.0.0
2025-04-03T21:31:15.165249+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.0.0
2025-04-03T21:31:12.247306+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.0.0
2025-04-03T20:25:36.368156+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	36.0.0
2025-04-03T20:25:24.615173+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.0.0
2025-02-18T01:05:28.852100+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	35.1.0
2025-02-18T01:04:26.057244+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	35.1.0
2025-02-18T01:04:21.482033+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	35.1.0
2025-02-18T00:30:26.167740+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	35.1.0
2025-02-18T00:30:23.052076+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	35.1.0
2024-11-20T23:30:41.981273+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	35.0.0
2024-11-20T23:30:15.498470+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	35.0.0
2024-11-20T23:13:43.920646+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	35.0.0
2024-11-18T23:19:34.222597+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.3.2
2024-11-18T23:19:01.535931+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.3.2
2024-11-18T23:01:20.963799+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.3.2
2024-10-08T00:16:58.119468+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.2
2024-10-08T00:16:30.308679+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.2
2024-10-08T00:00:23.167042+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.2
2024-09-23T00:30:59.332657+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.1
2024-09-23T00:30:34.045051+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.1
2024-09-23T00:14:15.081518+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.1
2024-04-24T02:41:52.066196+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc4
2024-04-24T02:41:08.427245+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc4
2024-04-24T02:41:03.771680+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc4
2024-04-24T02:19:07.853685+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc4
2024-04-24T02:19:06.074667+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	34.0.0rc4
2024-01-10T05:17:10.684485+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc2
2024-01-10T05:16:27.072738+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc2
2024-01-10T05:16:22.401954+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc2
2024-01-10T04:53:40.119939+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc2
2024-01-10T04:53:38.378126+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	34.0.0rc2
2024-01-03T22:05:01.015646+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc1
2024-01-03T22:04:16.987186+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc1
2024-01-03T22:04:12.299751+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc1
2024-01-03T21:41:10.690831+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc1
2024-01-03T21:41:08.948377+00:00	GitLab Importer	Fixing	VCID-a1en-zn2z-aaab	None	34.0.0rc1