beniisan / JavaVulnLab_Cx

GNU General Public License v2.0
0 stars 0 forks source link

CX: CVE-2020-13934 in Maven-org.apache.tomcat:tomcat-coyote and 9.0.22 @ JavaVulnLab_Cx.${basename #33

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Description

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.0.x to 8.5.56 and 7.x did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch ${basename

Vulnerability ID: CVE-2020-13934

Package Name: org.apache.tomcat:tomcat-coyote

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2020-07-14T15:15:00

Current Package Version: 9.0.22

Remediation Upgrade Recommendation: 9.0.48

Link To SCA

Reference – NVD link

github-actions[bot] commented 3 years ago

Issue still exists.