diff --git a/advisories/github-reviewed/2024/11/GHSA-7jqf-v358-p8g7/GHSA-7jqf-v358-p8g7.json b/advisories/github-reviewed/2024/11/GHSA-7jqf-v358-p8g7/GHSA-7jqf-v358-p8g7.json index 2841311e51943..caaa687dae49a 100644 --- a/advisories/github-reviewed/2024/11/GHSA-7jqf-v358-p8g7/GHSA-7jqf-v358-p8g7.json +++ b/advisories/github-reviewed/2024/11/GHSA-7jqf-v358-p8g7/GHSA-7jqf-v358-p8g7.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-7jqf-v358-p8g7", - "modified": "2026-07-01T16:24:31Z", + "modified": "2026-07-01T16:24:32Z", "published": "2024-11-07T09:30:42Z", "aliases": [ "CVE-2024-38286" @@ -9,10 +9,6 @@ "summary": "Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability", "details": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" - }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" @@ -113,101 +109,6 @@ ] } ] - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.tomcat.embed:tomcat-embed-core" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "11.0.0-M1" - }, - { - "fixed": "11.0.0-M21" - } - ] - } - ] - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.tomcat.embed:tomcat-embed-core" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "10.1.0-M1" - }, - { - "fixed": "10.1.25" - } - ] - } - ] - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.tomcat.embed:tomcat-embed-core" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "9.0.13" - }, - { - "fixed": "9.0.90" - } - ] - } - ] - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.tomcat.embed:tomcat-embed-core" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "8.5.35" - }, - { - "last_affected": "8.5.100" - } - ] - } - ] - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.tomcat.embed:tomcat-embed-core" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "7.0.92" - }, - { - "last_affected": "7.0.109" - } - ] - } - ] } ], "references": [