Vulnerability	Vulnerable Version
H Untrusted Search Path org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Untrusted Search Path via the `icacls.exe` call during Windows installation, when a full path is not specified. An attacker can execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is searched before the intended system directory. How to fix Untrusted Search Path? Upgrade `org.apache.tomcat:tomcat` to version 9.0.106, 10.1.42, 11.0.8 or higher.	[9.0.23,9.0.106)[10.1.0,10.1.42)[11.0.0-M1,11.0.8)

Untrusted Search Path

org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.

Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path is not specified. An attacker can execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is searched before the intended system directory.

How to fix Untrusted Search Path?

Upgrade org.apache.tomcat:tomcat to version 9.0.106, 10.1.42, 11.0.8 or higher.

[9.0.23,9.0.106)[10.1.0,10.1.42)[11.0.0-M1,11.0.8)

Go back to all versions of this package