Open github-actions[bot] opened 3 years ago
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Description
Apache Tomcat 7.0.X, 8.0.X, 8.5.0 to 8.5.66, 9.0.0.M1 to 9.0.46, and 10.0.0-M1 to 10.0.6, did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
MEDIUM Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master
Vulnerability ID: CVE-2021-33037
Package Name: org.apache.tomcat:tomcat-coyote
Severity: MEDIUM
CVSS Score: 5.3
Publish Date: 2021-07-12T15:15:00
Current Package Version: 9.0.22
Remediation Upgrade Recommendation: 9.0.48
Link To SCA
Reference – NVD link