purl | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.18 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-59sa-ur8p-aaaa Aliases: CVE-2021-42340 GHSA-wph7-x527-w3h5 | Missing Release of Resource after Effective Lifetime in Apache Tomcat | Affected by 10 other vulnerabilities. |
VCID-6y3x-kyj7-aaaf Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | Affected by 7 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
VCID-7tp8-ektn-aaan Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 | Apache Tomcat may reject request containing invalid Content-Length header | Affected by 2 other vulnerabilities. Affected by 10 other vulnerabilities. |
VCID-a1en-zn2z-aaab Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 | Apache Tomcat Race Condition vulnerability | Affected by 5 other vulnerabilities. Affected by 10 other vulnerabilities. |
VCID-c5mx-k2k4-aaag Aliases: CVE-2022-34305 GHSA-6j88-6whg-x687 | Cross-site Scripting in Apache Tomcat | Affected by 3 other vulnerabilities. |
VCID-gyd5-cdaj-aaae Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2 | Uncontrolled Resource Consumption: The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. | Affected by 4 other vulnerabilities. Affected by 10 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |