Open github-actions[bot] opened 3 years ago
Issue still exists.
Description
If an HTTP/2 client connecting to Apache Tomcat between 10.0.0-M1 and 10.0.0-M7, between 9.0.0.M1 and 9.0.37, and between 8.5.0 and 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
MEDIUM Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master
Vulnerability ID: CVE-2020-13943
Package Name: org.apache.tomcat:tomcat-coyote
Severity: MEDIUM
CVSS Score: 4.3
Publish Date: 2020-10-12T14:15:00
Current Package Version: 9.0.22
Remediation Upgrade Recommendation: 9.0.48
Link To SCA
Reference – NVD link