VulnerableCode Package Details - pkg:maven/org.apache.tomcat/coyote@10.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-a1en-zn2z-aaab Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438	Apache Tomcat Race Condition vulnerability	There are no reported fixed by versions.
VCID-gyd5-cdaj-aaae Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2	Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.	There are no reported fixed by versions.
VCID-qg8v-amgp-aaad Aliases: CVE-2020-13943 GHSA-f268-65qc-98vg	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-a1en-zn2z-aaab
Aliases:
CVE-2021-43980
GHSA-jx7c-7mj5-9438

Apache Tomcat Race Condition vulnerability

There are no reported fixed by versions.

VCID-gyd5-cdaj-aaae
Aliases:
CVE-2022-29885
GHSA-r84p-88g2-2vx2

Uncontrolled Resource Consumption The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

There are no reported fixed by versions.

VCID-qg8v-amgp-aaad
Aliases:
CVE-2020-13943
GHSA-f268-65qc-98vg

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-01-16T23:28:28.882929+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	None	35.1.0
2024-09-17T22:37:00.704588+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2021-43980.yml	34.0.1
2024-09-17T22:37:00.412954+00:00	GitLab Importer	Affected by	VCID-qg8v-amgp-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2020-13943.yml	34.0.1
2024-09-17T22:37:00.166414+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2022-29885.yml	34.0.1
2024-01-03T18:00:04.469036+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2021-43980.yml	34.0.0rc1
2024-01-03T18:00:04.209869+00:00	GitLab Importer	Affected by	VCID-qg8v-amgp-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2020-13943.yml	34.0.0rc1
2024-01-03T18:00:03.991486+00:00	GitLab Importer	Affected by	VCID-gyd5-cdaj-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2022-29885.yml	34.0.0rc1