Search for packages
Package details: pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@8.5.77
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@8.5.77
Next non-vulnerable version 8.5.99
Latest non-vulnerable version 11.0.1
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-a1en-zn2z-aaab
Aliases:
CVE-2021-43980
GHSA-jx7c-7mj5-9438
Apache Tomcat Race Condition vulnerability
8.5.78
Affected by 3 other vulnerabilities.
9.0.62
Affected by 3 other vulnerabilities.
10.0.20
Affected by 0 other vulnerabilities.
10.1.1
Affected by 3 other vulnerabilities.
VCID-e318-2aad-aaag
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
8.5.93
Affected by 2 other vulnerabilities.
9.0.80
Affected by 2 other vulnerabilities.
10.1.13
Affected by 2 other vulnerabilities.
11.0.1
Affected by 0 other vulnerabilities.
VCID-exnf-s6zc-aaah
Aliases:
CVE-2024-23672
GHSA-v682-8vv8-vpwr
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
8.5.99
Affected by 0 other vulnerabilities.
9.0.86
Affected by 0 other vulnerabilities.
10.1.19
Affected by 0 other vulnerabilities.
11.0.0-M17
Affected by 0 other vulnerabilities.
VCID-pcvp-wv2z-aaas
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
8.5.96
Affected by 1 other vulnerability.
9.0.83
Affected by 1 other vulnerability.
10.1.16
Affected by 1 other vulnerability.
11.0.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:48:38.914342+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 36.1.3
2025-06-20T16:40:59.401430+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.3
2025-06-20T16:40:55.186535+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 36.1.3
2025-06-20T16:07:49.411098+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 36.1.3
2025-06-20T16:07:38.488694+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 36.1.3
2025-06-03T23:26:14.528486+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 36.1.0
2025-06-03T23:19:36.443345+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.0
2025-06-03T23:19:32.760622+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 36.1.0
2025-06-03T22:47:53.522857+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 36.1.0
2025-06-03T22:47:43.582865+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 36.1.0
2025-06-02T23:23:49.372675+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 36.1.2
2025-06-02T23:16:41.399177+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.2
2025-06-02T23:16:37.436642+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 36.1.2
2025-06-02T22:37:17.737714+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 36.1.2
2025-06-02T22:37:05.484320+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 36.1.2
2025-04-03T21:46:38.522959+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 36.0.0
2025-04-03T21:31:20.440277+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.0.0
2025-04-03T21:31:10.161260+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 36.0.0
2025-04-03T20:25:37.683721+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 36.0.0
2025-04-03T20:25:09.807890+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 36.0.0
2025-02-18T01:05:27.433661+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 35.1.0
2025-02-18T01:04:28.330232+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 35.1.0
2025-02-18T01:04:22.992496+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 35.1.0
2025-02-18T00:30:24.269778+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 35.1.0
2025-02-18T00:30:21.933750+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 35.1.0
2024-11-20T23:30:40.535603+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 35.0.0
2024-11-20T23:30:13.110960+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 35.0.0
2024-11-20T23:13:41.878085+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 35.0.0
2024-11-18T23:19:32.818580+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 34.3.2
2024-11-18T23:18:59.185978+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 34.3.2
2024-11-18T23:01:18.987147+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 34.3.2
2024-10-08T00:16:56.689425+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 34.0.2
2024-10-08T00:16:27.890787+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 34.0.2
2024-10-08T00:00:21.152828+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 34.0.2
2024-10-07T22:04:36.147958+00:00 GHSA Importer Affected by VCID-exnf-s6zc-aaah https://github.com/advisories/GHSA-v682-8vv8-vpwr 34.0.2
2024-09-23T00:30:57.966011+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 34.0.1
2024-09-23T00:30:31.796719+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 34.0.1
2024-09-22T22:26:37.904261+00:00 GHSA Importer Affected by VCID-exnf-s6zc-aaah https://github.com/advisories/GHSA-v682-8vv8-vpwr 34.0.1
2024-09-17T22:40:41.060705+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 34.0.1
2024-05-17T21:13:49.526436+00:00 GHSA Importer Affected by VCID-exnf-s6zc-aaah https://github.com/advisories/GHSA-v682-8vv8-vpwr 34.0.0rc4
2024-04-24T02:41:52.639304+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 34.0.0rc4
2024-04-24T02:41:07.137954+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 34.0.0rc4
2024-04-24T02:41:06.243270+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 34.0.0rc4
2024-04-24T02:19:09.303902+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 34.0.0rc4
2024-04-24T02:19:04.887061+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 34.0.0rc4
2024-01-10T05:17:11.262976+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 34.0.0rc2
2024-01-10T05:16:25.800435+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 34.0.0rc2
2024-01-10T05:16:24.907162+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 34.0.0rc2
2024-01-10T04:53:41.506398+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 34.0.0rc2
2024-01-10T04:53:37.252527+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 34.0.0rc2
2024-01-03T22:05:01.657272+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml 34.0.0rc1
2024-01-03T22:04:15.713567+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 34.0.0rc1
2024-01-03T22:04:14.804492+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml 34.0.0rc1
2024-01-03T21:41:07.830757+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab None 34.0.0rc1
2024-01-03T18:03:04.605950+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml 34.0.0rc1