VulnerableCode Package Details - pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.0

Search for packages

Package details: pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.0

Essentials
History (10)

purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.0
Tags	Ghost

Next non-vulnerable version	9.0.86
Latest non-vulnerable version	11.0.1
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-a1en-zn2z-aaab Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438	Apache Tomcat Race Condition vulnerability	9.0.62 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.20 Affected by 0 other vulnerabilities. 10.1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e318-2aad-aaag Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.	9.0.80 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.1.13 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 0 other vulnerabilities.
VCID-nj2d-yt1t-aaaj Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c	Infinite Loop in Apache Tomcat	9.0.37 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-pcvp-wv2z-aaas Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	9.0.83 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.1.16 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 0 other vulnerabilities.
VCID-w4d3-t13k-aaab Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m	Information Disclosure in Apache Tomcat	9.0.40 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.0-M10 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:40:41.132014+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-24122.yml	34.0.1
2024-09-17T22:40:41.065676+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml	34.0.1
2024-09-17T22:40:40.941006+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml	34.0.1
2024-09-17T22:40:40.787892+00:00	GitLab Importer	Affected by	VCID-nj2d-yt1t-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2020-13935.yml	34.0.1
2024-09-17T22:40:40.635442+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml	34.0.1
2024-01-03T18:03:04.674965+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-24122.yml	34.0.0rc1
2024-01-03T18:03:04.610709+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2021-43980.yml	34.0.0rc1
2024-01-03T18:03:04.479930+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-46589.yml	34.0.0rc1
2024-01-03T18:03:04.304615+00:00	GitLab Importer	Affected by	VCID-nj2d-yt1t-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2020-13935.yml	34.0.0rc1
2024-01-03T18:03:04.150510+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-websocket/CVE-2023-41080.yml	34.0.0rc1