[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-28709":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":53,"related":54,"reserved_at":9,"published_at":65,"modified_at":66,"state":67,"summary":68,"references_raw":77,"kevs":150,"epss":151,"epss_history":154,"metrics":428,"affected":436},"CVE-2023-28709","The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-193","Off-by-one Error","A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.","weakness","Draft","Base",[],[],[21,22],"GHSA-cx6h-86xw-9x34","BIT-tomcat-2023-28709",[],[25,27,29,31,33,35,37,39,41,43,45,47,49,51],{"_key":26},"SUSE-SU-2023:2319-1",{"_key":28},"SUSE-SU-2023:2505-1",{"_key":30},"SUSE-SU-2023:2318-1",{"_key":32},"SUSE-SU-2023:2504-1",{"_key":34},"OPENSUSE-SU-2024:12953-1",{"_key":36},"OPENSUSE-SU-2024:13441-1",{"_key":38},"DSA-5521-1",{"_key":40},"RHSA-2023:4909",{"_key":42},"RHSA-2023:6570",{"_key":44},"RHSA-2023:7065",{"_key":46},"SUSE-SU-2026:1058-1",{"_key":48},"MGASA-2023-0191",{"_key":50},"DEBIAN-CVE-2023-28709",{"_key":52},"UBUNTU-CVE-2023-28709",[],[55,56,57,58,59,60,61,62,63],{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":46},{"_key":48},{"_key":64},"CGA-VW9P-R67Q-33XP","2023-05-22T10:08:49.541Z","2025-02-13T16:48:49.704Z","Modified",{"cisa_kev":69,"cisa_ransomware":69,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":72,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":67},false,"low",0.00516,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[78,87,92,96,100,104,109,113,117,121,125,130,134,138,142,146],{"url":79,"sources":80,"tags":83},"https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",[81,75,82],"cve.org","osv_maven",[84,85,86],"Vendor Advisory","Mailing List","WEB",{"url":88,"sources":89,"tags":90},"http://www.openwall.com/lists/oss-security/2023/05/22/1",[81,75,82],[85,91,86],"Third Party Advisory",{"url":93,"sources":94,"tags":95},"https://security.gentoo.org/glsa/202305-37",[81,75,82],[91,86],{"url":97,"sources":98,"tags":99},"https://security.netapp.com/advisory/ntap-20230616-0004/",[81,75],[91],{"url":101,"sources":102,"tags":103},"https://www.debian.org/security/2023/dsa-5521",[81,75,82],[91,86],{"url":105,"sources":106,"tags":107},"https://nvd.nist.gov/vuln/detail/CVE-2023-28709",[82],[108],"Advisory",{"url":110,"sources":111,"tags":112},"https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd",[82],[86],{"url":114,"sources":115,"tags":116},"https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc",[82],[86],{"url":118,"sources":119,"tags":120},"https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38",[82],[86],{"url":122,"sources":123,"tags":124},"https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861",[82],[86],{"url":126,"sources":127,"tags":128},"https://github.com/apache/tomcat",[82],[129],"PACKAGE",{"url":131,"sources":132,"tags":133},"https://security.netapp.com/advisory/ntap-20230616-0004",[82],[86],{"url":135,"sources":136,"tags":137},"https://tomcat.apache.org/security-10.html",[82],[86],{"url":139,"sources":140,"tags":141},"https://tomcat.apache.org/security-11.html",[82],[86],{"url":143,"sources":144,"tags":145},"https://tomcat.apache.org/security-8.html",[82],[86],{"url":147,"sources":148,"tags":149},"https://tomcat.apache.org/security-9.html",[82],[86],[],{"date":152,"score":71,"percentile":153},"2026-06-04",0.6704,[155,159,162,165,168,171,174,177,180,183,186,189,191,194,196,200,203,206,209,212,215,218,221,224,227,230,233,236,240,243,246,248,251,254,257,259,261,264,267,270,274,277,280,283,286,290,293,296,299,302,305,309,312,315,318,321,324,327,331,335,338,341,344,347,350,353,356,359,362,365,368,371,375,378,381,384,386,389,392,395,398,401,404,407,410,413,415,418,421,424],{"date":156,"score":157,"percentile":158},"2025-11-04",0.0045,0.62827,{"date":160,"score":157,"percentile":161},"2025-11-05",0.62811,{"date":163,"score":157,"percentile":164},"2025-11-06",0.62818,{"date":166,"score":157,"percentile":167},"2025-11-07",0.62834,{"date":169,"score":157,"percentile":170},"2025-11-08",0.62838,{"date":172,"score":157,"percentile":173},"2025-11-09",0.62832,{"date":175,"score":157,"percentile":176},"2025-11-10",0.62814,{"date":178,"score":157,"percentile":179},"2025-11-11",0.62826,{"date":181,"score":157,"percentile":182},"2025-11-12",0.62849,{"date":184,"score":157,"percentile":185},"2025-11-13",0.62855,{"date":187,"score":157,"percentile":188},"2025-11-14",0.62864,{"date":190,"score":157,"percentile":185},"2025-11-15",{"date":192,"score":157,"percentile":193},"2025-11-16",0.62846,{"date":195,"score":157,"percentile":193},"2025-11-17",{"date":197,"score":198,"percentile":199},"2025-11-18",0.06784,0.90396,{"date":201,"score":198,"percentile":202},"2025-11-19",0.90401,{"date":204,"score":198,"percentile":205},"2025-11-20",0.90405,{"date":207,"score":157,"percentile":208},"2025-11-21",0.62857,{"date":210,"score":157,"percentile":211},"2025-11-22",0.62866,{"date":213,"score":157,"percentile":214},"2025-11-23",0.62845,{"date":216,"score":157,"percentile":217},"2025-11-24",0.62839,{"date":219,"score":157,"percentile":220},"2025-11-25",0.62844,{"date":222,"score":157,"percentile":223},"2025-11-26",0.62847,{"date":225,"score":157,"percentile":226},"2025-11-27",0.62853,{"date":228,"score":157,"percentile":229},"2025-11-28",0.62836,{"date":231,"score":157,"percentile":232},"2025-11-29",0.6281,{"date":234,"score":157,"percentile":235},"2025-11-30",0.62802,{"date":237,"score":238,"percentile":239},"2025-12-01",0.00116,0.31064,{"date":241,"score":238,"percentile":242},"2025-12-02",0.31092,{"date":244,"score":238,"percentile":245},"2025-12-03",0.31096,{"date":247,"score":157,"percentile":164},"2025-12-04",{"date":249,"score":157,"percentile":250},"2025-12-05",0.62831,{"date":252,"score":157,"percentile":253},"2025-12-06",0.62833,{"date":255,"score":157,"percentile":256},"2025-12-07",0.62825,{"date":258,"score":157,"percentile":173},"2025-12-08",{"date":260,"score":157,"percentile":211},"2025-12-09",{"date":262,"score":157,"percentile":263},"2025-12-10",0.62909,{"date":265,"score":157,"percentile":266},"2025-12-11",0.62926,{"date":268,"score":157,"percentile":269},"2025-12-12",0.6295,{"date":271,"score":272,"percentile":273},"2025-12-13",0.00706,0.71492,{"date":275,"score":272,"percentile":276},"2025-12-14",0.71491,{"date":278,"score":272,"percentile":279},"2025-12-15",0.71488,{"date":281,"score":272,"percentile":282},"2025-12-16",0.71498,{"date":284,"score":272,"percentile":285},"2025-12-17",0.71512,{"date":287,"score":288,"percentile":289},"2025-12-18",0.00541,0.66941,{"date":291,"score":288,"percentile":292},"2025-12-19",0.66961,{"date":294,"score":288,"percentile":295},"2025-12-20",0.66959,{"date":297,"score":288,"percentile":298},"2025-12-21",0.66948,{"date":300,"score":288,"percentile":301},"2025-12-22",0.66978,{"date":303,"score":288,"percentile":304},"2025-12-23",0.66972,{"date":306,"score":307,"percentile":308},"2025-12-24",0.00656,0.70394,{"date":310,"score":307,"percentile":311},"2025-12-25",0.70418,{"date":313,"score":307,"percentile":314},"2025-12-26",0.70417,{"date":316,"score":307,"percentile":317},"2025-12-27",0.70452,{"date":319,"score":307,"percentile":320},"2025-12-28",0.70388,{"date":322,"score":307,"percentile":323},"2025-12-29",0.70384,{"date":325,"score":307,"percentile":326},"2025-12-30",0.70398,{"date":328,"score":329,"percentile":330},"2025-12-31",0.00474,0.6413,{"date":332,"score":333,"percentile":334},"2026-01-01",0.00122,0.32277,{"date":336,"score":333,"percentile":337},"2026-01-02",0.32265,{"date":339,"score":333,"percentile":340},"2026-01-03",0.32244,{"date":342,"score":329,"percentile":343},"2026-01-04",0.64128,{"date":345,"score":329,"percentile":346},"2026-01-05",0.64122,{"date":348,"score":329,"percentile":349},"2026-01-06",0.64118,{"date":351,"score":329,"percentile":352},"2026-01-07",0.64137,{"date":354,"score":329,"percentile":355},"2026-01-08",0.6416,{"date":357,"score":329,"percentile":358},"2026-01-09",0.64158,{"date":360,"score":329,"percentile":361},"2026-01-10",0.64156,{"date":363,"score":329,"percentile":364},"2026-01-11",0.64145,{"date":366,"score":329,"percentile":367},"2026-01-12",0.64129,{"date":369,"score":329,"percentile":370},"2026-01-13",0.64127,{"date":372,"score":373,"percentile":374},"2026-01-14",0.00356,0.57349,{"date":376,"score":373,"percentile":377},"2026-01-15",0.57352,{"date":379,"score":373,"percentile":380},"2026-01-16",0.57377,{"date":382,"score":373,"percentile":383},"2026-01-17",0.57367,{"date":385,"score":373,"percentile":383},"2026-01-18",{"date":387,"score":373,"percentile":388},"2026-01-19",0.57355,{"date":390,"score":373,"percentile":391},"2026-01-20",0.57359,{"date":393,"score":373,"percentile":394},"2026-01-21",0.57365,{"date":396,"score":373,"percentile":397},"2026-01-22",0.57363,{"date":399,"score":373,"percentile":400},"2026-01-23",0.57402,{"date":402,"score":373,"percentile":403},"2026-01-24",0.57408,{"date":405,"score":373,"percentile":406},"2026-01-25",0.57371,{"date":408,"score":373,"percentile":409},"2026-01-26",0.57358,{"date":411,"score":373,"percentile":412},"2026-01-27",0.57368,{"date":414,"score":373,"percentile":380},"2026-01-28",{"date":416,"score":373,"percentile":417},"2026-01-29",0.57379,{"date":419,"score":373,"percentile":420},"2026-01-30",0.57378,{"date":422,"score":373,"percentile":423},"2026-01-31",0.57381,{"date":425,"score":426,"percentile":427},"2026-02-01",0.00092,0.26152,[429,434],{"source":75,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":431,"vectorString":76,"impactScore":432,"exploitabilityScore":433},"HIGH",6,10,{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":435,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":9,"vectorString":76,"impactScore":432,"exploitabilityScore":433},[437,461,477,485,497,511],{"ecosystem":9,"name":438,"vendor":439,"product":440,"cpe_part":441,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":442},"Apache Tomcat","apache software foundation","apache tomcat","a",[443,449,453,457],{"version":444,"is_range":445,"range_type":81,"version_start":446,"version_start_type":447,"version_end":448,"version_end_type":447,"fixed_in":9},">= 11.0.0-M2, \u003C= 11.0.0-M4",true,"11.0.0-M2","including","11.0.0-M4",{"version":450,"is_range":445,"range_type":81,"version_start":451,"version_start_type":447,"version_end":452,"version_end_type":447,"fixed_in":9},">= 10.1.5, \u003C= 10.1.7","10.1.5","10.1.7",{"version":454,"is_range":445,"range_type":81,"version_start":455,"version_start_type":447,"version_end":456,"version_end_type":447,"fixed_in":9},">= 9.0.71, \u003C= 9.0.73","9.0.71","9.0.73",{"version":458,"is_range":445,"range_type":81,"version_start":459,"version_start_type":447,"version_end":460,"version_end_type":447,"fixed_in":9},">= 8.5.85, \u003C= 8.5.87","8.5.85","8.5.87",{"ecosystem":9,"name":462,"vendor":9,"product":462,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"Tomcat",[464,467,469,471,473,475],{"version":465,"is_range":445,"range_type":466,"version_start":459,"version_start_type":447,"version_end":460,"version_end_type":447,"fixed_in":9},"gte8.5.85_lte8.5.87","cpe",{"version":468,"is_range":445,"range_type":466,"version_start":455,"version_start_type":447,"version_end":456,"version_end_type":447,"fixed_in":9},"gte9.0.71_lte9.0.73",{"version":470,"is_range":445,"range_type":466,"version_start":451,"version_start_type":447,"version_end":452,"version_end_type":447,"fixed_in":9},"gte10.1.5_lte10.1.7",{"version":472,"is_range":69,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone2",{"version":474,"is_range":69,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone3",{"version":476,"is_range":69,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone4",{"ecosystem":9,"name":478,"vendor":479,"product":480,"cpe_part":481,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":482},"debian linux","debian","debian_linux","o",[483],{"version":484,"is_range":69,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0",{"ecosystem":486,"name":487,"vendor":488,"product":489,"cpe_part":9,"purl_type":490,"purl_namespace":488,"purl_name":489,"source":9,"versions":491},"Maven","org.apache.tomcat:tomcat-coyote","org.apache.tomcat","tomcat-coyote","maven",[492],{"version":493,"is_range":445,"range_type":494,"version_start":459,"version_start_type":447,"version_end":495,"version_end_type":496,"fixed_in":9},"gte8_5_85_lt8_5_88","ecosystem","8.5.88","excluding",{"ecosystem":486,"name":498,"vendor":499,"product":500,"cpe_part":9,"purl_type":490,"purl_namespace":499,"purl_name":500,"source":9,"versions":501},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[502,505,508],{"version":503,"is_range":445,"range_type":494,"version_start":446,"version_start_type":447,"version_end":504,"version_end_type":496,"fixed_in":9},"gte11_0_0_M2_lt11_0_0_M5","11.0.0-M5",{"version":506,"is_range":445,"range_type":494,"version_start":451,"version_start_type":447,"version_end":507,"version_end_type":496,"fixed_in":9},"gte10_1_5_lt10_1_8","10.1.8",{"version":509,"is_range":445,"range_type":494,"version_start":455,"version_start_type":447,"version_end":510,"version_end_type":496,"fixed_in":9},"gte9_0_71_lt9_0_74","9.0.74",{"ecosystem":9,"name":512,"vendor":513,"product":514,"cpe_part":441,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":515},"7-mode transition tool","netapp","7-mode_transition_tool",[516],{"version":517,"is_range":69,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na"]