Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat versions 9.0.13 through 9.0.89, 10.1.0-M1 through 10.1.24, and 11.0.0-M1 through 11.0.0-M20. Older, unsupported versions may also be affected. Users are recommended to upgrade. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an "OutOfMemoryError" by abusing the TLS handshake process.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-util in branch refs/heads/master
Description
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat versions 9.0.13 through 9.0.89, 10.1.0-M1 through 10.1.24, and 11.0.0-M1 through 11.0.0-M20. Older, unsupported versions may also be affected. Users are recommended to upgrade. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an "OutOfMemoryError" by abusing the TLS handshake process.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-util in branch refs/heads/master
Vulnerability ID: CVE-2024-38286
Package Name: org.apache.tomcat:tomcat-util
Severity: HIGH
CVSS Score: 8.6
Publish Date: 2024-11-07T05:05:00
Current Package Version: 9.0.22
Remediation Upgrade Recommendation: 9.0.90
Link To SCA
Reference – NVD link