Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-util@9.0.0
purl pkg:maven/org.apache.tomcat/tomcat-util@9.0.0
Tags Ghost
Next non-vulnerable version 9.0.83
Latest non-vulnerable version 11.0.1
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-259r-tjud-aaad
Aliases:
CVE-2020-1935
GHSA-qxf4-chvg-4r8r
Potential HTTP request smuggling in Apache Tomcat
9.0.31
Affected by 4 other vulnerabilities.
VCID-2vk8-jkgn-aaap
Aliases:
CVE-2019-0232
GHSA-8vmx-qmch-mpqg
High severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
9.0.19
Affected by 6 other vulnerabilities.
VCID-a1en-zn2z-aaab
Aliases:
CVE-2021-43980
GHSA-jx7c-7mj5-9438
Apache Tomcat Race Condition vulnerability
9.0.62
Affected by 3 other vulnerabilities.
10.0.20
Affected by 0 other vulnerabilities.
10.1.1
Affected by 2 other vulnerabilities.
VCID-e318-2aad-aaag
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
9.0.80
Affected by 1 other vulnerability.
10.1.13
Affected by 1 other vulnerability.
11.0.1
Affected by 0 other vulnerabilities.
VCID-pcvp-wv2z-aaas
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
9.0.83
Affected by 0 other vulnerabilities.
10.1.16
Affected by 0 other vulnerabilities.
11.0.1
Affected by 0 other vulnerabilities.
VCID-w4d3-t13k-aaab
Aliases:
CVE-2021-24122
GHSA-2rvv-w9r2-rg7m
Information Disclosure in Apache Tomcat
9.0.40
Affected by 4 other vulnerabilities.
10.0.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:36:28.643038+00:00 GitLab Importer Affected by VCID-w4d3-t13k-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml 34.0.1
2024-09-17T22:36:28.577192+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml 34.0.1
2024-09-17T22:36:28.447072+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.1
2024-09-17T22:36:28.206684+00:00 GitLab Importer Affected by VCID-259r-tjud-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2020-1935.yml 34.0.1
2024-09-17T22:36:27.593074+00:00 GitLab Importer Affected by VCID-2vk8-jkgn-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2019-0232.yml 34.0.1
2024-09-17T22:36:27.413025+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.1
2024-01-03T17:59:33.921464+00:00 GitLab Importer Affected by VCID-w4d3-t13k-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-24122.yml 34.0.0rc1
2024-01-03T17:59:33.861412+00:00 GitLab Importer Affected by VCID-a1en-zn2z-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2021-43980.yml 34.0.0rc1
2024-01-03T17:59:33.734741+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-46589.yml 34.0.0rc1
2024-01-03T17:59:33.504100+00:00 GitLab Importer Affected by VCID-259r-tjud-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2020-1935.yml 34.0.0rc1
2024-01-03T17:59:32.939399+00:00 GitLab Importer Affected by VCID-2vk8-jkgn-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2019-0232.yml 34.0.0rc1
2024-01-03T17:59:32.810197+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-util/CVE-2023-41080.yml 34.0.0rc1