VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M1

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M1

Essentials
History (2)

purl	pkg:maven/org.apache.tomcat/tomcat-util@11.0.0-M1

Next non-vulnerable version	11.0.0-M21
Latest non-vulnerable version	11.0.1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-s526-jddr-jqd1 Aliases: CVE-2024-38286 GHSA-7jqf-v358-p8g7	Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.	11.0.0-M21 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-29T10:50:01.804781+00:00	GHSA Importer	Affected by	VCID-s526-jddr-jqd1	https://github.com/advisories/GHSA-7jqf-v358-p8g7	36.0.0
2024-11-19T19:45:19.884919+00:00	GHSA Importer	Affected by	VCID-s526-jddr-jqd1	https://github.com/advisories/GHSA-7jqf-v358-p8g7	34.3.2