In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade org.apache.tomcat.embed:tomcat-embed-core
to version 9.0.98, 10.1.34, 11.0.2 or higher.
org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.
Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to imcomplete mitigation advice associated with CVE-2024-50379 in the file-handling process with servlet write enabled.
In addition to upgrading to the fixed version, users are advised to apply the following mitigations, depending on which version of Java they are using with Tomcat :
running on Java 8 or Java 11: the system property sun.io.useCanonCaches
must be explicitly set to false (it defaults to true)
running on Java 17: the system property sun.io.useCanonCaches
, if set, must be set to false (it defaults to false)
running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)