Search for packages
| purl | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.28 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4ecs-jzc4-23ap
Aliases: CVE-2024-52317 GHSA-qvf5-hvjx-wm27 |
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. |
Affected by 3 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-59vp-c676-dfa4
Aliases: CVE-2025-46701 GHSA-h2fw-rfh5-95r3 |
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-856z-sjqh-qfbz
Aliases: CVE-2025-31651 GHSA-ff77-26x5-69cr |
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-wbae-761d-qqeq
Aliases: CVE-2025-31650 GHSA-3p2h-wqq4-wf4h |
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T12:21:35.845805+00:00 | GitLab Importer | Affected by | VCID-59vp-c676-dfa4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-46701.yml | 37.0.0 |
| 2025-08-01T12:19:11.164274+00:00 | GitLab Importer | Affected by | VCID-wbae-761d-qqeq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31650.yml | 37.0.0 |
| 2025-08-01T12:19:09.388582+00:00 | GitLab Importer | Affected by | VCID-856z-sjqh-qfbz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31651.yml | 37.0.0 |
| 2025-08-01T12:03:48.142812+00:00 | GitLab Importer | Affected by | VCID-4ecs-jzc4-23ap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-52317.yml | 37.0.0 |