[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-46589":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":71,"related":72,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":98,"kevs":172,"epss":173,"epss_history":176,"metrics":416,"affected":426},"CVE-2023-46589","Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request 
Smuggling",[],[],[29,30],"GHSA-fccv-jmmp-qg76","BIT-tomcat-2023-46589",[],[33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69],{"_key":34},"SUSE-SU-2024:0206-1",{"_key":36},"SUSE-SU-2024:0209-1",{"_key":38},"SUSE-SU-2024:0208-1",{"_key":40},"SUSE-SU-2024:0472-1",{"_key":42},"OPENSUSE-SU-2024:13590-1",{"_key":44},"OPENSUSE-SU-2024:13596-1",{"_key":46},"DLA-3707-1",{"_key":48},"DSA-5665-1",{"_key":50},"DSA-5667-1",{"_key":52},"SUSE-SU-2026:1058-1",{"_key":54},"USN-7032-1",{"_key":56},"DEBIAN-CVE-2023-46589",{"_key":58},"RHSA-2024:0532",{"_key":60},"RHSA-2024:0539",{"_key":62},"RHSA-2024:1092",{"_key":64},"RHSA-2024:1134",{"_key":66},"RHSA-2024:1318",{"_key":68},"RHSA-2024:1324",{"_key":70},"UBUNTU-CVE-2023-46589",[],[73,74,75,76,77,78,79,80,82,84],{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":52},{"_key":81},"CGA-3336-VXCR-QH26",{"_key":83},"CGA-X5P2-8FVM-5GV3",{"_key":85},"CGA-FXW6-VMQ6-5GWV","2023-11-28T15:31:52.366Z","2025-10-29T12:00:24.622Z","Modified",{"cisa_kev":90,"cisa_ransomware":90,"cisa_vendor":9,"epss_severity":91,"epss_score":92,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":88},false,"critical",0.53735,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[99,108,113,118,122,127,131,135,139,143,148,152,156,160,164,168],{"url":100,"sources":101,"tags":104},"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr",[96,102,103],"nvd","osv_maven",[105,106,107],"Vendor Advisory","Mailing List","WEB",{"url":109,"sources":110,"tags":111},"https://www.openwall.com/lists/oss-security/2023/11/28/2",[96,102,103],[106,112,107],"Third Party Advisory",{"url":114,"sources":115,"tags":116},"https://security.netapp.com/advisory/ntap-20231214-0009/",[96,102],[117],"X 
Transferred",{"url":119,"sources":120,"tags":121},"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html",[96,102,103],[117,107],{"url":123,"sources":124,"tags":125},"https://nvd.nist.gov/vuln/detail/CVE-2023-46589",[103],[126],"Advisory",{"url":128,"sources":129,"tags":130},"https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b",[103],[107],{"url":132,"sources":133,"tags":134},"https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd",[103],[107],{"url":136,"sources":137,"tags":138},"https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642",[103],[107],{"url":140,"sources":141,"tags":142},"https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08",[103],[107],{"url":144,"sources":145,"tags":146},"https://github.com/apache/tomcat",[103],[147],"PACKAGE",{"url":149,"sources":150,"tags":151},"https://security.netapp.com/advisory/ntap-20231214-0009",[103],[107],{"url":153,"sources":154,"tags":155},"https://tomcat.apache.org/security-10.html",[103],[107],{"url":157,"sources":158,"tags":159},"https://tomcat.apache.org/security-11.html",[103],[107],{"url":161,"sources":162,"tags":163},"https://tomcat.apache.org/security-8.html",[103],[107],{"url":165,"sources":166,"tags":167},"https://tomcat.apache.org/security-9.html",[103],[107],{"url":169,"sources":170,"tags":171},"http://www.openwall.com/lists/oss-security/2023/11/28/2",[103],[107],[],{"date":174,"score":92,"percentile":175},"2026-06-04",0.98041,[177,181,184,186,189,191,193,195,197,200,203,205,207,209,213,217,220,223,226,229,232,234,237,239,242,245,247,249,253,255,258,260,262,264,267,269,271,274,277,280,283,285,287,290,293,296,298,300,303,305,307,310,313,315,318,320,323,326,329,333,336,338,341,344,346,349,352,355,358,361,363,365,368,371,374,377,380,382,385,388,391,394,397,399,402,405,407,409,411,413],{"date":178,"score":179,"percentile":180},"2025-11-04",0.56299,0.97992,{"date":182,"score":179,"percentile":183
},"2025-11-05",0.97993,{"date":185,"score":179,"percentile":183},"2025-11-06",{"date":187,"score":179,"percentile":188},"2025-11-07",0.97994,{"date":190,"score":179,"percentile":188},"2025-11-08",{"date":192,"score":179,"percentile":188},"2025-11-09",{"date":194,"score":179,"percentile":188},"2025-11-10",{"date":196,"score":179,"percentile":188},"2025-11-11",{"date":198,"score":179,"percentile":199},"2025-11-12",0.97996,{"date":201,"score":179,"percentile":202},"2025-11-13",0.97997,{"date":204,"score":179,"percentile":202},"2025-11-14",{"date":206,"score":179,"percentile":188},"2025-11-15",{"date":208,"score":179,"percentile":188},"2025-11-16",{"date":210,"score":211,"percentile":212},"2025-11-17",0.54615,0.97907,{"date":214,"score":215,"percentile":216},"2025-11-18",0.23994,0.95673,{"date":218,"score":215,"percentile":219},"2025-11-19",0.95675,{"date":221,"score":215,"percentile":222},"2025-11-20",0.95678,{"date":224,"score":211,"percentile":225},"2025-11-21",0.97904,{"date":227,"score":211,"percentile":228},"2025-11-22",0.97902,{"date":230,"score":211,"percentile":231},"2025-11-23",0.97901,{"date":233,"score":211,"percentile":228},"2025-11-24",{"date":235,"score":211,"percentile":236},"2025-11-25",0.97903,{"date":238,"score":211,"percentile":236},"2025-11-26",{"date":240,"score":211,"percentile":241},"2025-11-27",0.97905,{"date":243,"score":211,"percentile":244},"2025-11-28",0.97906,{"date":246,"score":211,"percentile":212},"2025-11-29",{"date":248,"score":211,"percentile":244},"2025-11-30",{"date":250,"score":251,"percentile":252},"2025-12-01",0.4209,0.97302,{"date":254,"score":251,"percentile":252},"2025-12-02",{"date":256,"score":251,"percentile":257},"2025-12-03",0.97303,{"date":259,"score":211,"percentile":244},"2025-12-04",{"date":261,"score":211,"percentile":241},"2025-12-05",{"date":263,"score":211,"percentile":212},"2025-12-06",{"date":265,"score":211,"percentile":266},"2025-12-07",0.97908,{"date":268,"score":211,"percentile":266},"2025-12-08",{"date":270
,"score":211,"percentile":212},"2025-12-09",{"date":272,"score":211,"percentile":273},"2025-12-10",0.97911,{"date":275,"score":211,"percentile":276},"2025-12-11",0.97914,{"date":278,"score":211,"percentile":279},"2025-12-12",0.97917,{"date":281,"score":211,"percentile":282},"2025-12-13",0.97913,{"date":284,"score":211,"percentile":276},"2025-12-14",{"date":286,"score":211,"percentile":282},"2025-12-15",{"date":288,"score":211,"percentile":289},"2025-12-16",0.9792,{"date":291,"score":211,"percentile":292},"2025-12-17",0.97924,{"date":294,"score":211,"percentile":295},"2025-12-18",0.97923,{"date":297,"score":211,"percentile":292},"2025-12-19",{"date":299,"score":211,"percentile":295},"2025-12-20",{"date":301,"score":211,"percentile":302},"2025-12-21",0.97922,{"date":304,"score":211,"percentile":279},"2025-12-22",{"date":306,"score":211,"percentile":302},"2025-12-23",{"date":308,"score":179,"percentile":309},"2025-12-24",0.98004,{"date":311,"score":179,"percentile":312},"2025-12-25",0.98001,{"date":314,"score":179,"percentile":312},"2025-12-26",{"date":316,"score":179,"percentile":317},"2025-12-27",0.98013,{"date":319,"score":179,"percentile":312},"2025-12-28",{"date":321,"score":179,"percentile":322},"2025-12-29",0.98003,{"date":324,"score":179,"percentile":325},"2025-12-30",0.98002,{"date":327,"score":179,"percentile":328},"2025-12-31",0.98005,{"date":330,"score":331,"percentile":332},"2026-01-01",0.43865,0.97423,{"date":334,"score":331,"percentile":335},"2026-01-02",0.97424,{"date":337,"score":331,"percentile":332},"2026-01-03",{"date":339,"score":179,"percentile":340},"2026-01-04",0.98014,{"date":342,"score":179,"percentile":343},"2026-01-05",0.98015,{"date":345,"score":179,"percentile":343},"2026-01-06",{"date":347,"score":179,"percentile":348},"2026-01-07",0.98016,{"date":350,"score":179,"percentile":351},"2026-01-08",0.98018,{"date":353,"score":179,"percentile":354},"2026-01-09",0.9802,{"date":356,"score":179,"percentile":357},"2026-01-10",0.98021,{"date":359,"s
core":179,"percentile":360},"2026-01-11",0.98019,{"date":362,"score":179,"percentile":360},"2026-01-12",{"date":364,"score":179,"percentile":357},"2026-01-13",{"date":366,"score":179,"percentile":367},"2026-01-14",0.98024,{"date":369,"score":179,"percentile":370},"2026-01-15",0.98025,{"date":372,"score":179,"percentile":373},"2026-01-16",0.98026,{"date":375,"score":179,"percentile":376},"2026-01-17",0.98029,{"date":378,"score":179,"percentile":379},"2026-01-18",0.98028,{"date":381,"score":179,"percentile":376},"2026-01-19",{"date":383,"score":179,"percentile":384},"2026-01-20",0.98031,{"date":386,"score":179,"percentile":387},"2026-01-21",0.9803,{"date":389,"score":179,"percentile":390},"2026-01-22",0.98033,{"date":392,"score":179,"percentile":393},"2026-01-23",0.98034,{"date":395,"score":179,"percentile":396},"2026-01-24",0.98035,{"date":398,"score":179,"percentile":396},"2026-01-25",{"date":400,"score":179,"percentile":401},"2026-01-26",0.98037,{"date":403,"score":179,"percentile":404},"2026-01-27",0.98038,{"date":406,"score":179,"percentile":404},"2026-01-28",{"date":408,"score":179,"percentile":401},"2026-01-29",{"date":410,"score":179,"percentile":401},"2026-01-30",{"date":412,"score":179,"percentile":384},"2026-01-31",{"date":414,"score":331,"percentile":415},"2026-02-01",0.97449,[417,422,424],{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":418,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":419,"vectorString":97,"impactScore":420,"exploitabilityScore":421},"HIGH",6,10,{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":419,"vectorString":97,"impactScore":420,"exploitabilityScore":421},{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":425,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":9,"vectorString":97,"impactScore":420,"exploitabilityScore":421},[427,451,487,504],{"ecosystem":9,"name":428,"vendor":429,"product":430,"cpe_part":431,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":43
2},"Apache Tomcat","apache software foundation","apache tomcat","a",[433,439,443,447],{"version":434,"is_range":435,"range_type":96,"version_start":436,"version_start_type":437,"version_end":438,"version_end_type":437,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.0-M10",true,"11.0.0-M1","including","11.0.0-M10",{"version":440,"is_range":435,"range_type":96,"version_start":441,"version_start_type":437,"version_end":442,"version_end_type":437,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.15","10.1.0-M1","10.1.15",{"version":444,"is_range":435,"range_type":96,"version_start":445,"version_start_type":437,"version_end":446,"version_end_type":437,"fixed_in":9},">= 9.0.0-M1, \u003C= 9.0.82","9.0.0-M1","9.0.82",{"version":448,"is_range":435,"range_type":96,"version_start":449,"version_start_type":437,"version_end":450,"version_end_type":437,"fixed_in":9},">= 8.5.0, \u003C= 8.5.95","8.5.0","8.5.95",{"ecosystem":9,"name":452,"vendor":9,"product":452,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":453},"Tomcat",[454,459,463,467,469,471,473,475,477,479,481,483,485],{"version":455,"is_range":435,"range_type":456,"version_start":449,"version_start_type":437,"version_end":457,"version_end_type":458,"fixed_in":9},"gte8.5.0_lt8.5.96","cpe","8.5.96","excluding",{"version":460,"is_range":435,"range_type":456,"version_start":461,"version_start_type":437,"version_end":462,"version_end_type":458,"fixed_in":9},"gte9.0.0_lt9.0.83","9.0.0","9.0.83",{"version":464,"is_range":435,"range_type":456,"version_start":465,"version_start_type":437,"version_end":466,"version_end_type":458,"fixed_in":9},"gte10.1.0_lt10.1.16","10.1.0","10.1.16",{"version":468,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone1",{"version":470,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone10",{"version":472,"is_ra
nge":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone2",{"version":474,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone3",{"version":476,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone4",{"version":478,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone5",{"version":480,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone6",{"version":482,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone7",{"version":484,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone8",{"version":486,"is_range":90,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:milestone9",{"ecosystem":488,"name":489,"vendor":490,"product":491,"cpe_part":9,"purl_type":492,"purl_namespace":490,"purl_name":491,"source":9,"versions":493},"Maven","org.apache.tomcat:tomcat-catalina","org.apache.tomcat","tomcat-catalina","maven",[494,498,500,502],{"version":495,"is_range":435,"range_type":496,"version_start":436,"version_start_type":437,"version_end":497,"version_end_type":458,"fixed_in":9},"gte11_0_0_M1_lt11_0_0_M11","ecosystem","11.0.0-M11",{"version":499,"is_range":435,"range_type":496,"version_start":441,"version_start_type":437,"version_end":466,"version_end_type":458,"fixed_in":9},"gte10_1_0_M1_lt10_1_16",{"version":501,"is_range":435,"range_type":496,"version_start":445,"version_start_type":437,"version_end":462,"version_end_type":
458,"fixed_in":9},"gte9_0_0_M1_lt9_0_83",{"version":503,"is_range":435,"range_type":496,"version_start":449,"version_start_type":437,"version_end":457,"version_end_type":458,"fixed_in":9},"gte8_5_0_lt8_5_96",{"ecosystem":488,"name":505,"vendor":506,"product":507,"cpe_part":9,"purl_type":492,"purl_namespace":506,"purl_name":507,"source":9,"versions":508},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[509,510,511,512],{"version":495,"is_range":435,"range_type":496,"version_start":436,"version_start_type":437,"version_end":497,"version_end_type":458,"fixed_in":9},{"version":499,"is_range":435,"range_type":496,"version_start":441,"version_start_type":437,"version_end":466,"version_end_type":458,"fixed_in":9},{"version":501,"is_range":435,"range_type":496,"version_start":445,"version_start_type":437,"version_end":462,"version_end_type":458,"fixed_in":9},{"version":503,"is_range":435,"range_type":496,"version_start":449,"version_start_type":437,"version_end":457,"version_end_type":458,"fixed_in":9}]