CX: CVE-2020-13934 in Maven-org.apache.tomcat:tomcat-coyote and 9.0.22 @ JavaVulnerableLab-1.refs/heads/master

github-actions[bot] commented 2 years ago

Description

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.0.x to 8.5.56 and 7.x did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master

Vulnerability ID: CVE-2020-13934

Package Name: org.apache.tomcat:tomcat-coyote

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2020-07-14T15:15:00

Current Package Version: 9.0.22

Remediation Upgrade Recommendation: 9.0.90

Link To SCA

Reference – NVD link

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 1 week ago

Issue still exists.

SamHeadrickCx / JavaVulnerableLab-1

CX: CVE-2020-13934 in Maven-org.apache.tomcat:tomcat-coyote and 9.0.22 @ JavaVulnerableLab-1.refs/heads/master #34