VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-util@8.5.56

Vulnerability	Summary	Fixed by
VCID-a1en-zn2z-aaab Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438	Apache Tomcat Race Condition vulnerability	8.5.78 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.62 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.20 Affected by 0 other vulnerabilities. 10.1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e318-2aad-aaag Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.	8.5.93 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.0.80 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.1.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.1 Affected by 0 other vulnerabilities.
VCID-pcvp-wv2z-aaas Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	8.5.96 Affected by 0 other vulnerabilities. 9.0.83 Affected by 0 other vulnerabilities. 10.1.16 Affected by 0 other vulnerabilities. 11.0.1 Affected by 0 other vulnerabilities.
VCID-w4d3-t13k-aaab Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m	Information Disclosure in Apache Tomcat	8.5.60 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.40 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:48:40.642569+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.3
2025-06-20T16:40:56.942221+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.3
2025-06-20T16:40:55.805081+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.3
2025-06-20T16:07:48.756635+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.1.3
2025-06-20T16:07:44.309963+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.3
2025-06-20T14:56:01.392027+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.1.3
2025-06-20T14:56:01.038033+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.1.3
2025-06-03T23:26:15.794407+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.0
2025-06-03T23:19:34.278965+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.0
2025-06-03T23:19:33.320494+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.0
2025-06-03T22:47:52.912382+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.1.0
2025-06-03T22:47:48.811351+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.0
2025-06-03T21:39:32.289526+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.1.0
2025-06-03T21:39:31.964905+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.1.0
2025-06-02T23:23:50.659925+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.1.2
2025-06-02T23:16:39.208938+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.1.2
2025-06-02T23:16:38.073783+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.1.2
2025-06-02T22:37:16.958859+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.1.2
2025-06-02T22:37:11.935047+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.1.2
2025-06-02T21:22:28.952800+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.1.2
2025-06-02T21:22:28.570357+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.1.2
2025-04-03T21:46:42.264948+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	36.0.0
2025-04-03T21:31:14.669785+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	36.0.0
2025-04-03T21:31:11.731182+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	36.0.0
2025-04-03T20:25:35.926901+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	36.0.0
2025-04-03T20:25:24.156190+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	36.0.0
2025-04-03T18:07:57.950743+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	36.0.0
2025-04-03T18:07:56.989335+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	36.0.0
2025-02-18T01:05:28.315600+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	35.1.0
2025-02-18T01:04:25.552273+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	35.1.0
2025-02-18T01:04:20.991785+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	35.1.0
2025-02-18T00:30:25.714527+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	35.1.0
2025-02-18T00:30:22.616588+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	35.1.0
2025-02-18T00:06:59.035324+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	35.1.0
2025-02-18T00:06:49.072357+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	35.1.0
2024-11-20T23:30:41.434615+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	35.0.0
2024-11-20T23:30:14.977303+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	35.0.0
2024-11-20T23:13:43.454134+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	35.0.0
2024-11-20T23:00:58.338080+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	35.0.0
2024-11-18T23:19:33.673609+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.3.2
2024-11-18T23:19:01.015713+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.3.2
2024-11-18T23:01:20.524297+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.3.2
2024-11-18T22:47:33.452649+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.3.2
2024-10-08T00:16:57.574691+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.2
2024-10-08T00:16:29.794875+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.2
2024-10-08T00:00:22.725643+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.2
2024-10-07T23:47:51.492922+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.2
2024-09-23T00:30:58.809407+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.1
2024-09-23T00:30:33.548800+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.1
2024-09-23T00:14:14.631120+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.1
2024-09-23T00:02:00.264742+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.1
2024-04-24T02:41:51.550187+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc4
2024-04-24T02:41:07.937482+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc4
2024-04-24T02:41:03.302540+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc4
2024-04-24T02:19:07.422612+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc4
2024-04-24T02:19:05.640168+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	34.0.0rc4
2024-04-24T02:06:13.337564+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	34.0.0rc4
2024-04-24T02:06:06.554365+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.0rc4
2024-01-10T05:17:10.169605+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc2
2024-01-10T05:16:26.593096+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc2
2024-01-10T05:16:21.934430+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc2
2024-01-10T04:53:39.686448+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc2
2024-01-10T04:53:37.959855+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	34.0.0rc2
2024-01-10T04:40:10.752131+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	34.0.0rc2
2024-01-10T04:40:04.041485+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.0rc2
2024-01-03T22:05:00.422405+00:00	GitLab Importer	Affected by	VCID-pcvp-wv2z-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml	34.0.0rc1
2024-01-03T22:04:16.504438+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml	34.0.0rc1
2024-01-03T22:04:11.834409+00:00	GitLab Importer	Affected by	VCID-e318-2aad-aaag	None	34.0.0rc1
2024-01-03T21:41:10.261535+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml	34.0.0rc1
2024-01-03T21:41:08.532065+00:00	GitLab Importer	Affected by	VCID-a1en-zn2z-aaab	None	34.0.0rc1
2024-01-03T21:27:08.549217+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	None	34.0.0rc1
2024-01-03T21:27:01.821908+00:00	GitLab Importer	Affected by	VCID-w4d3-t13k-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml	34.0.0rc1

Next non-vulnerable version	8.5.96
Latest non-vulnerable version	11.0.1
Risk	10.0