Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5
purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5
Tags Ghost
Next non-vulnerable version 9.0.104
Latest non-vulnerable version 11.0.8
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-jtsq-4sgf-aaag
Aliases:
CVE-2017-7674
GHSA-73rx-3f9r-x949
Insufficient Verification of Data Authenticity The CORS Filter in Apache Tomcat does not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
8.5.16
Affected by 9 other vulnerabilities.
9.0.0.M22
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:36:58.778992+00:00 GitLab Importer Affected by VCID-jtsq-4sgf-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2017-7674.yml 34.0.1
2024-01-03T18:00:02.571592+00:00 GitLab Importer Affected by VCID-jtsq-4sgf-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-catalina/CVE-2017-7674.yml 34.0.0rc1