Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-util@8.5.100 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-tc17-t52j-nyh4
Aliases: CVE-2025-52434 GHSA-4j3c-42xv-3f84 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-u6f8-n1an-87hz
Aliases: CVE-2024-38286 GHSA-7jqf-v358-p8g7 |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-09T13:35:47.268787+00:00 | GHSA Importer | Affected by | VCID-tc17-t52j-nyh4 | https://github.com/advisories/GHSA-4j3c-42xv-3f84 | 37.0.0 |
| 2025-08-09T13:35:46.198230+00:00 | GHSA Importer | Affected by | VCID-u6f8-n1an-87hz | https://github.com/advisories/GHSA-7jqf-v358-p8g7 | 37.0.0 |