VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-util@8.5.54

Vulnerability	Summary	Fixed by
VCID-a1en-zn2z-aaab Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438	Apache Tomcat Race Condition vulnerability	8.5.78 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.62 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.20 Affected by 0 other vulnerabilities. 10.1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e318-2aad-aaag Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.	8.5.93 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.80 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.1.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 0 other vulnerabilities.
VCID-pcvp-wv2z-aaas Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	8.5.96 Affected by 0 other vulnerabilities. 9.0.83 Affected by 0 other vulnerabilities. 10.1.16 Affected by 0 other vulnerabilities. 11.0.1 Affected by 0 other vulnerabilities.
VCID-w4d3-t13k-aaab Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m	Information Disclosure in Apache Tomcat	8.5.60 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.40 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:48:40.638217+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.3
2025-06-20T16:40:56.938407+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.3
2025-06-20T16:40:55.801018+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.3
2025-06-20T16:07:48.752976+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.1.3
2025-06-20T16:07:44.306736+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.3
2025-06-20T14:56:01.388324+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.1.3
2025-06-20T14:56:01.034302+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.1.3
2025-06-03T23:26:15.791360+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.0
2025-06-03T23:19:34.276026+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.0
2025-06-03T23:19:33.317514+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.0
2025-06-03T22:47:52.908835+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.1.0
2025-06-03T22:47:48.808291+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.0
2025-06-03T21:39:32.285941+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.1.0
2025-06-03T21:39:31.961298+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.1.0
2025-06-02T23:23:50.656516+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.2
2025-06-02T23:16:39.205694+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.2
2025-06-02T23:16:38.069805+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.2
2025-06-02T22:37:16.955202+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.1.2
2025-06-02T22:37:11.931809+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.2
2025-06-02T21:22:28.948706+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.1.2
2025-06-02T21:22:28.566739+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.1.2
2025-04-03T21:46:42.255049+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.0.0
2025-04-03T21:31:14.660070+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.0.0
2025-04-03T21:31:11.721241+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.0.0
2025-04-03T20:25:35.917143+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.0.0
2025-04-03T20:25:24.146398+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.0.0
2025-04-03T18:07:57.940942+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.0.0
2025-04-03T18:07:56.979543+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.0.0
2025-02-18T01:05:28.305895+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	35.1.0
2025-02-18T01:04:25.542599+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	35.1.0
2025-02-18T01:04:20.982240+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	35.1.0
2025-02-18T00:30:25.704763+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	35.1.0
2025-02-18T00:30:22.606967+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	35.1.0
2025-02-18T00:06:59.025651+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	35.1.0
2025-02-18T00:06:49.062627+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	35.1.0
2024-11-20T23:30:41.424636+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	35.0.0
2024-11-20T23:30:14.967381+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	35.0.0
2024-11-20T23:13:43.443522+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	35.0.0
2024-11-20T23:00:58.328152+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	35.0.0
2024-11-18T23:19:33.663605+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.3.2
2024-11-18T23:19:01.005924+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.3.2
2024-11-18T23:01:20.514686+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.3.2
2024-11-18T22:47:33.443036+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.3.2
2024-10-08T00:16:57.564856+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.2
2024-10-08T00:16:29.784824+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.2
2024-10-08T00:00:22.716655+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.2
2024-10-07T23:47:51.483300+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.2
2024-09-23T00:30:58.799833+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.1
2024-09-23T00:30:33.539165+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.1
2024-09-23T00:14:14.621607+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.1
2024-09-23T00:02:00.255139+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.1
2024-04-24T02:41:51.540911+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc4
2024-04-24T02:41:07.928335+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc4
2024-04-24T02:41:03.293251+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc4
2024-04-24T02:19:07.412748+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc4
2024-04-24T02:19:05.630882+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	34.0.0rc4
2024-04-24T02:06:13.328403+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	34.0.0rc4
2024-04-24T02:06:06.545086+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.0rc4
2024-01-10T05:17:10.160381+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc2
2024-01-10T05:16:26.583902+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc2
2024-01-10T05:16:21.925224+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc2
2024-01-10T04:53:39.677218+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc2
2024-01-10T04:53:37.950663+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	34.0.0rc2
2024-01-10T04:40:10.742845+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	34.0.0rc2
2024-01-10T04:40:04.032118+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.0rc2
2024-01-03T22:05:00.412221+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc1
2024-01-03T22:04:16.495047+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc1
2024-01-03T22:04:11.825295+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc1
2024-01-03T21:41:10.252105+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc1
2024-01-03T21:41:08.522745+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	34.0.0rc1
2024-01-03T21:27:08.539984+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	34.0.0rc1
2024-01-03T21:27:01.812525+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.0rc1

Next non-vulnerable version	8.5.96
Latest non-vulnerable version	11.0.1
Risk	10.0