[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-43980":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":32,"downstream":33,"duplicates":58,"related":59,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":78,"kevs":139,"epss":140,"epss_history":143,"metrics":420,"affected":430},"CVE-2021-43980","The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[30,31],"GHSA-jx7c-7mj5-9438","BIT-tomcat-2021-43980",[],[34,36,38,40,42,44,46,48,50,52,54,56],{"_key":35},"SUSE-SU-2022:4009-1",{"_key":37},"SUSE-SU-2022:4221-1",{"_key":39},"SUSE-SU-2022:4257-1",{"_key":41},"OPENSUSE-SU-2024:12534-1",{"_key":43},"OPENSUSE-SU-2024:13441-1",{"_key":45},"DLA-3160-1",{"_key":47},"DSA-5265-1",{"_key":49},"SUSE-SU-2026:1058-1",{"_key":51},"MGASA-2023-0138",{"_key":53},"DEBIAN-CVE-2021-43980",{"_key":55},"RHSA-2022:7272",{"_key":57},"UBUNTU-CVE-2021-43980",[],[60,61,62,63,64,65,66],{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":49},{"_key":51},"2022-09-28T00:00:00.000Z","2025-05-21T15:00:10.097Z","Modified",{"cisa_kev":71,"cisa_ransomware":71,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":72,"severity_score":74,"severity_version":75,"severity_source":76,"severity_vector":77,"severity_status":69},false,"low",0.00203,3.7,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",[79,88,93,97,101,106,110,114,118,122,127,131,135],{"url":80,"sources":81,"tags":84},"https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3",[76,82,83],"nvd","osv_maven",[85,86,87],"Mailing List","Vendor Advisory","WEB",{"url":89,"sources":90,"tags":91},"http://www.openwall.com/lists/oss-security/2022/09/28/1",[76,82,83],[85,92,87],"Third Party Advisory",{"url":94,"sources":95,"tags":96},"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html",[76,82,83],[85,92,87],{"url":98,"sources":99,"tags":100},"https://www.debian.org/security/2022/dsa-5265",[76,82,83],[86,92,87],{"url":102,"sources":103,"tags":104},"https://nvd.nist.gov/vuln/detail/CVE-2021-43980",[83],[105],"Advisory",{"url":107,"sources":108,"tags":109},"https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1",[83],[87],{"url":111,"sources":112,"tags":113},"https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13",[83],[87],{"url":115,"sources":116,"tags":117},"https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb",[83],[87],{"url":119,"sources":120,"tags":121},"https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc",[83],[87],{"url":123,"sources":124,"tags":125},"https://github.com/apache/tomcat",[83],[126],"PACKAGE",{"url":128,"sources":129,"tags":130},"https://tomcat.apache.org/security-10.html",[83],[87],{"url":132,"sources":133,"tags":134},"https://tomcat.apache.org/security-8.html",[83],[87],{"url":136,"sources":137,"tags":138},"https://tomcat.apache.org/security-9.html",[83],[87],[],{"date":141,"score":73,"percentile":142},"2026-06-04",0.42244,[144,148,151,154,157,160,163,166,169,172,175,178,181,184,187,191,194,197,201,204,207,210,213,215,218,221,224,227,231,234,237,240,243,246,249,253,256,259,262,265,268,271,274,277,280,283,286,289,292,294,297,301,304,307,310,313,316,319,322,326,329,332,335,338,341,344,347,350,353,356,359,362,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,410,413,416],{"date":145,"score":146,"percentile":147},"2025-11-04",0.00257,0.48946,{"date":149,"score":146,"percentile":150},"2025-11-05",0.48927,{"date":152,"score":146,"percentile":153},"2025-11-06",0.48942,{"date":155,"score":146,"percentile":156},"2025-11-07",0.48968,{"date":158,"score":146,"percentile":159},"2025-11-08",0.48967,{"date":161,"score":146,"percentile":162},"2025-11-09",0.48945,{"date":164,"score":146,"percentile":165},"2025-11-10",0.48918,{"date":167,"score":146,"percentile":168},"2025-11-11",0.48932,{"date":170,"score":146,"percentile":171},"2025-11-12",0.48956,{"date":173,"score":146,"percentile":174},"2025-11-13",0.48959,{"date":176,"score":146,"percentile":177},"2025-11-14",0.48973,{"date":179,"score":146,"percentile":180},"2025-11-15",0.48969,{"date":182,"score":146,"percentile":183},"2025-11-16",0.48954,{"date":185,"score":146,"percentile":186},"2025-11-17",0.48928,{"date":188,"score":189,"percentile":190},"2025-11-18",0.02025,0.82326,{"date":192,"score":189,"percentile":193},"2025-11-19",0.82328,{"date":195,"score":189,"percentile":196},"2025-11-20",0.82332,{"date":198,"score":199,"percentile":200},"2025-11-21",0.00256,0.48799,{"date":202,"score":199,"percentile":203},"2025-11-22",0.48795,{"date":205,"score":199,"percentile":206},"2025-11-23",0.48763,{"date":208,"score":199,"percentile":209},"2025-11-24",0.48749,{"date":211,"score":199,"percentile":212},"2025-11-25",0.4875,{"date":214,"score":199,"percentile":209},"2025-11-26",{"date":216,"score":199,"percentile":217},"2025-11-27",0.48756,{"date":219,"score":199,"percentile":220},"2025-11-28",0.48725,{"date":222,"score":199,"percentile":223},"2025-11-29",0.48705,{"date":225,"score":199,"percentile":226},"2025-11-30",0.48693,{"date":228,"score":229,"percentile":230},"2025-12-01",0.00096,0.27091,{"date":232,"score":229,"percentile":233},"2025-12-02",0.27113,{"date":235,"score":229,"percentile":236},"2025-12-03",0.27118,{"date":238,"score":199,"percentile":239},"2025-12-04",0.48694,{"date":241,"score":199,"percentile":242},"2025-12-05",0.48715,{"date":244,"score":199,"percentile":245},"2025-12-06",0.48717,{"date":247,"score":199,"percentile":248},"2025-12-07",0.48703,{"date":250,"score":251,"percentile":252},"2025-12-08",0.00218,0.44337,{"date":254,"score":251,"percentile":255},"2025-12-09",0.44374,{"date":257,"score":251,"percentile":258},"2025-12-10",0.44442,{"date":260,"score":251,"percentile":261},"2025-12-11",0.44468,{"date":263,"score":251,"percentile":264},"2025-12-12",0.44496,{"date":266,"score":251,"percentile":267},"2025-12-13",0.44475,{"date":269,"score":251,"percentile":270},"2025-12-14",0.44451,{"date":272,"score":251,"percentile":273},"2025-12-15",0.44433,{"date":275,"score":251,"percentile":276},"2025-12-16",0.44455,{"date":278,"score":251,"percentile":279},"2025-12-17",0.44494,{"date":281,"score":251,"percentile":282},"2025-12-18",0.44536,{"date":284,"score":251,"percentile":285},"2025-12-19",0.44552,{"date":287,"score":251,"percentile":288},"2025-12-20",0.44528,{"date":290,"score":251,"percentile":291},"2025-12-21",0.44497,{"date":293,"score":251,"percentile":267},"2025-12-22",{"date":295,"score":251,"percentile":296},"2025-12-23",0.44472,{"date":298,"score":299,"percentile":300},"2025-12-24",0.00179,0.39799,{"date":302,"score":299,"percentile":303},"2025-12-25",0.39854,{"date":305,"score":299,"percentile":306},"2025-12-26",0.39833,{"date":308,"score":299,"percentile":309},"2025-12-27",0.39858,{"date":311,"score":299,"percentile":312},"2025-12-28",0.39752,{"date":314,"score":299,"percentile":315},"2025-12-29",0.39726,{"date":317,"score":299,"percentile":318},"2025-12-30",0.39716,{"date":320,"score":299,"percentile":321},"2025-12-31",0.39769,{"date":323,"score":324,"percentile":325},"2026-01-01",0.00104,0.29224,{"date":327,"score":324,"percentile":328},"2026-01-02",0.2922,{"date":330,"score":324,"percentile":331},"2026-01-03",0.29201,{"date":333,"score":299,"percentile":334},"2026-01-04",0.39722,{"date":336,"score":299,"percentile":337},"2026-01-05",0.39694,{"date":339,"score":299,"percentile":340},"2026-01-06",0.39698,{"date":342,"score":299,"percentile":343},"2026-01-07",0.39723,{"date":345,"score":299,"percentile":346},"2026-01-08",0.39747,{"date":348,"score":299,"percentile":349},"2026-01-09",0.39735,{"date":351,"score":299,"percentile":352},"2026-01-10",0.39734,{"date":354,"score":299,"percentile":355},"2026-01-11",0.39712,{"date":357,"score":299,"percentile":358},"2026-01-12",0.39663,{"date":360,"score":299,"percentile":361},"2026-01-13",0.39646,{"date":363,"score":299,"percentile":337},"2026-01-14",{"date":365,"score":299,"percentile":366},"2026-01-15",0.39683,{"date":368,"score":299,"percentile":369},"2026-01-16",0.39704,{"date":371,"score":299,"percentile":372},"2026-01-17",0.39678,{"date":374,"score":299,"percentile":375},"2026-01-18",0.39632,{"date":377,"score":299,"percentile":378},"2026-01-19",0.39602,{"date":380,"score":299,"percentile":381},"2026-01-20",0.39585,{"date":383,"score":299,"percentile":384},"2026-01-21",0.39581,{"date":386,"score":299,"percentile":387},"2026-01-22",0.39571,{"date":389,"score":299,"percentile":390},"2026-01-23",0.39633,{"date":392,"score":299,"percentile":393},"2026-01-24",0.39638,{"date":395,"score":299,"percentile":396},"2026-01-25",0.39589,{"date":398,"score":299,"percentile":399},"2026-01-26",0.3953,{"date":401,"score":299,"percentile":402},"2026-01-27",0.39528,{"date":404,"score":299,"percentile":405},"2026-01-28",0.39524,{"date":407,"score":408,"percentile":409},"2026-01-29",0.0019,0.40896,{"date":411,"score":408,"percentile":412},"2026-01-30",0.40903,{"date":414,"score":408,"percentile":415},"2026-01-31",0.40912,{"date":417,"score":418,"percentile":419},"2026-02-01",0.00111,0.29915,[421,426,428],{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":422,"cvss_v4_0":9},{"baseScore":74,"baseSeverity":423,"vectorString":77,"impactScore":424,"exploitabilityScore":425},"LOW",2.3,5.6,{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":427,"cvss_v4_0":9},{"baseScore":74,"baseSeverity":423,"vectorString":77,"impactScore":424,"exploitabilityScore":425},{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":429,"cvss_v4_0":9},{"baseScore":74,"baseSeverity":9,"vectorString":77,"impactScore":424,"exploitabilityScore":425},[431,446,487,497],{"ecosystem":9,"name":432,"vendor":433,"product":434,"cpe_part":435,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":436},"Apache Tomcat","apache software foundation","apache tomcat","a",[437,440,442,444],{"version":438,"is_range":71,"range_type":76,"version_start":438,"version_start_type":439,"version_end":438,"version_end_type":439,"fixed_in":9},"10.1.0-M1 to 10.1.0-M12","including",{"version":441,"is_range":71,"range_type":76,"version_start":441,"version_start_type":439,"version_end":441,"version_end_type":439,"fixed_in":9},"10.0.0-M1 to 10.0.18",{"version":443,"is_range":71,"range_type":76,"version_start":443,"version_start_type":439,"version_end":443,"version_end_type":439,"fixed_in":9},"9.0.0-M1 to 9.0.60",{"version":445,"is_range":71,"range_type":76,"version_start":445,"version_start_type":439,"version_end":445,"version_end_type":439,"fixed_in":9},"8.5.0 to 8.5.77",{"ecosystem":9,"name":447,"vendor":9,"product":447,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"Tomcat",[449,455,459,463,465,467,469,471,473,475,477,479,481,483,485],{"version":450,"is_range":451,"range_type":452,"version_start":453,"version_start_type":439,"version_end":454,"version_end_type":439,"fixed_in":9},"gte8.5.0_lte8.5.77",true,"cpe","8.5.0","8.5.77",{"version":456,"is_range":451,"range_type":452,"version_start":457,"version_start_type":439,"version_end":458,"version_end_type":439,"fixed_in":9},"gte9.0.0_lte9.0.60","9.0.0","9.0.60",{"version":460,"is_range":451,"range_type":452,"version_start":461,"version_start_type":439,"version_end":462,"version_end_type":439,"fixed_in":9},"gte10.0.0_lte10.0.18","10.0.0","10.0.18",{"version":464,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone1",{"version":466,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone10",{"version":468,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone11",{"version":470,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone12",{"version":472,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone2",{"version":474,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone3",{"version":476,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone4",{"version":478,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone5",{"version":480,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone6",{"version":482,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone7",{"version":484,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone8",{"version":486,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.0:milestone9",{"ecosystem":9,"name":488,"vendor":489,"product":490,"cpe_part":491,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":492},"debian linux","debian","debian_linux","o",[493,495],{"version":494,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"version":496,"is_range":71,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":498,"name":499,"vendor":500,"product":501,"cpe_part":9,"purl_type":502,"purl_namespace":500,"purl_name":501,"source":9,"versions":503},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[504,509,513,517],{"version":505,"is_range":451,"range_type":506,"version_start":453,"version_start_type":439,"version_end":507,"version_end_type":508,"fixed_in":9},"gte8_5_0_lt8_5_78","ecosystem","8.5.78","excluding",{"version":510,"is_range":451,"range_type":506,"version_start":511,"version_start_type":439,"version_end":512,"version_end_type":508,"fixed_in":9},"gte9_0_0_M1_lt9_0_62","9.0.0-M1","9.0.62",{"version":514,"is_range":451,"range_type":506,"version_start":515,"version_start_type":439,"version_end":516,"version_end_type":508,"fixed_in":9},"gte10_0_0_M1_lt10_0_20","10.0.0-M1","10.0.20",{"version":518,"is_range":451,"range_type":506,"version_start":519,"version_start_type":439,"version_end":520,"version_end_type":508,"fixed_in":9},"gte10_1_0_M1_lt10_1_0_M14","10.1.0-M1","10.1.0-M14"]