VulnerableCode Package Details - pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M21

Search for packages

Vulnerability	Summary	Fixed by
VCID-7sta-sz5f-aaap Aliases: CVE-2023-28708 GHSA-2c9m-w27f-53rm	Apache Tomcat vulnerable to Unprotected Transport of Credentials	11.0.0 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ckkm-g4kc-tfbg Aliases: CVE-2025-31650 GHSA-3p2h-wqq4-wf4h	Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.	11.0.6 Affected by 0 other vulnerabilities.
VCID-yzt8-watu-qkcs Aliases: CVE-2025-31651 GHSA-ff77-26x5-69cr	Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.	11.0.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7sta-sz5f-aaap
Aliases:
CVE-2023-28708
GHSA-2c9m-w27f-53rm

Apache Tomcat vulnerable to Unprotected Transport of Credentials

11.0.0
Affected by 8 other vulnerabilities.

VCID-ckkm-g4kc-tfbg
Aliases:
CVE-2025-31650
GHSA-3p2h-wqq4-wf4h

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

11.0.6
Affected by 0 other vulnerabilities.

VCID-yzt8-watu-qkcs
Aliases:
CVE-2025-31651
GHSA-ff77-26x5-69cr

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

11.0.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-yktk-48uz-aaac	Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.	CVE-2024-34750 GHSA-wm9w-rjj3-j356

Vulnerability

Summary

Aliases

VCID-yktk-48uz-aaac

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

CVE-2024-34750
GHSA-wm9w-rjj3-j356

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:20:47.274122+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31650.yml	36.1.3
2025-06-20T17:20:46.534788+00:00	GitLab Importer	Affected by	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31651.yml	36.1.3
2025-06-20T17:04:36.171210+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	36.1.3
2025-06-20T16:25:29.984781+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	36.1.3
2025-06-20T16:25:27.477206+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	None	36.1.3
2025-06-05T17:12:10.817897+00:00	GHSA Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	36.1.0
2025-06-05T14:56:40.867142+00:00	GithubOSV Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-wm9w-rjj3-j356/GHSA-wm9w-rjj3-j356.json	36.1.0
2025-06-03T23:55:41.990330+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31650.yml	36.1.0
2025-06-03T23:55:41.405126+00:00	GitLab Importer	Affected by	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31651.yml	36.1.0
2025-06-03T23:40:54.370611+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	36.1.0
2025-06-03T23:04:52.213922+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	36.1.0
2025-06-03T23:04:50.026449+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	None	36.1.0
2025-06-02T23:54:36.261068+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31650.yml	36.1.2
2025-06-02T23:54:35.554439+00:00	GitLab Importer	Affected by	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31651.yml	36.1.2
2025-06-02T23:39:10.357497+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	36.1.2
2025-06-02T23:01:29.902518+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	36.1.2
2025-06-02T23:01:27.550825+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	None	36.1.2
2025-05-29T23:36:36.861051+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31650.yml	36.0.0
2025-05-29T23:36:36.062952+00:00	GitLab Importer	Affected by	VCID-yzt8-watu-qkcs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31651.yml	36.0.0
2025-04-03T22:17:31.850840+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	36.0.0
2025-04-03T20:59:11.239415+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	36.0.0
2025-04-03T20:59:05.648400+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	None	36.0.0
2025-02-18T03:59:19.019804+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	35.1.0
2025-02-18T03:15:38.470917+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	None	35.1.0
2025-02-18T03:15:34.129870+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	35.1.0
2024-11-21T01:09:39.451009+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	35.0.0
2024-11-21T00:44:41.433889+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	35.0.0
2024-11-19T00:58:23.583342+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	34.3.2
2024-11-19T00:30:36.430502+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	34.3.2
2024-10-15T19:29:59.566395+00:00	GithubOSV Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-wm9w-rjj3-j356/GHSA-wm9w-rjj3-j356.json	34.0.2
2024-10-08T01:36:12.669084+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	34.0.2
2024-10-08T01:12:44.146488+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	34.0.2
2024-10-07T22:14:43.719444+00:00	GHSA Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.2
2024-09-23T01:19:35.893664+00:00	GitLab Importer	Affected by	VCID-7sta-sz5f-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2023-28708.yml	34.0.1
2024-09-18T09:20:19.391565+00:00	GithubOSV Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-wm9w-rjj3-j356/GHSA-wm9w-rjj3-j356.json	34.0.1
2024-09-17T22:40:48.393906+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	34.0.1
2024-09-17T21:59:54.187269+00:00	GHSA Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.1
2024-08-02T19:10:03.974382+00:00	GitLab Importer	Fixing	VCID-yktk-48uz-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2024-34750.yml	34.0.0rc4
2024-07-06T02:04:10.001004+00:00	GHSA Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.0rc4
2024-07-06T01:33:27.079455+00:00	GithubOSV Importer	Fixing	VCID-yktk-48uz-aaac	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-wm9w-rjj3-j356/GHSA-wm9w-rjj3-j356.json	34.0.0rc4

2025-06-20T17:20:47.274122+00:00

GitLab Importer

Affected by

VCID-ckkm-g4kc-tfbg

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31650.yml

36.1.3

2025-06-20T17:20:46.534788+00:00

GitLab Importer

Affected by

VCID-yzt8-watu-qkcs

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2025-31651.yml

36.1.3

2025-06-20T17:04:36.171210+00:00

GitLab Importer

Fixing

Next non-vulnerable version	11.0.6
Latest non-vulnerable version	11.0.8
Risk	10.0