Open github-actions[bot] opened 3 years ago
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Description
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master
Vulnerability ID: CVE-2020-17527
Package Name: org.apache.tomcat:tomcat-coyote
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2020-12-03T19:15:00
Current Package Version: 9.0.22
Remediation Upgrade Recommendation: 9.0.48
Link To SCA
Reference – NVD link