org.apache.tomcat.embed:tomcat-embed-core@8.0.50 vulnerabilities

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or higher.

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS). When Tomcat is configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially-crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.4, 8.5.64, 9.0.44 or higher.

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the UTF-8 decoder. When handling some special characters, the decoder may enter an infinite loop, thus denying service to other requests.

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 7.0.90, 8.0.52, 8.5.32, 9.0.10 or higher.

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Insecure Defaults. The defaults settings for the CORS filter are insecure and enable supportsCredentials for all origins.

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 7.0.89, 8.0.53, 8.5.32, 9.0.9 or higher.