[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-50379":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":32,"downstream":33,"duplicates":74,"related":75,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":98,"kevs":175,"epss":176,"epss_history":179,"metrics":391,"affected":403},"CVE-2024-50379","Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[30,31],"GHSA-5j33-cvvr-w245","BIT-tomcat-2024-50379",[],[34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":35},"SUSE-SU-2025:0394-1",{"_key":37},"SUSE-SU-2025:0033-1",{"_key":39},"SUSE-SU-2025:0058-1",{"_key":41},"OPENSUSE-SU-2025:14622-1",{"_key":43},"OPENSUSE-SU-2025:14623-1",{"_key":45},"DLA-4017-1",{"_key":47},"DSA-5845-1",{"_key":49},"RHSA-2025:0342",{"_key":51},"RHSA-2025:0361",{"_key":53},"RHSA-2025:1920",{"_key":55},"SUSE-SU-2026:1058-1",{"_key":57},"MGASA-2024-0394",{"_key":59},"USN-7705-1",{"_key":61},"DEBIAN-CVE-2024-50379",{"_key":63},"RHSA-2025:3645",{"_key":65},"RHSA-2025:3646",{"_key":67},"RHSA-2025:3647",{"_key":69},"RHSA-2025:3683",{"_key":71},"RHSA-2025:3684",{"_key":73},"UBUNTU-CVE-2024-50379",[],[76,77,78,79,80,81,82,83,85],{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":55},{"_key":57},{"_key":84},"CGA-5749-245M-24VG",{"_key":86},"CGA-FF6F-WPXQ-25H8","2024-12-17T12:34:54.827Z","2025-11-03T20:45:15.148Z","Modified",{"cisa_kev":91,"cisa_ransomware":91,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":92,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":89},false,"critical",0.84776,9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[99,108,112,116,121,125,130,134,138,142,146,150,154,159,163,167,171],{"url":100,"sources":101,"tags":104},"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r",[96,102,103],"nvd","osv_maven",[105,106,107],"Vendor Advisory","Mailing List","WEB",{"url":109,"sources":110,"tags":111},"http://www.openwall.com/lists/oss-security/2024/12/17/4",[96,102,103],[106,107],{"url":113,"sources":114,"tags":115},"http://www.openwall.com/lists/oss-security/2024/12/18/2",[96,102,103],[106,107],{"url":117,"sources":118,"tags":119},"https://security.netapp.com/advisory/ntap-20250103-0003/",[96,102],[120],"Third Party Advisory",{"url":122,"sources":123,"tags":124},"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html",[96,102,103],[107],{"url":126,"sources":127,"tags":128},"https://nvd.nist.gov/vuln/detail/CVE-2024-50379",[103],[129],"Advisory",{"url":131,"sources":132,"tags":133},"https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f",[103],[107],{"url":135,"sources":136,"tags":137},"https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00",[103],[107],{"url":139,"sources":140,"tags":141},"https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41",[103],[107],{"url":143,"sources":144,"tags":145},"https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842",[103],[107],{"url":147,"sources":148,"tags":149},"https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2",[103],[107],{"url":151,"sources":152,"tags":153},"https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c",[103],[107],{"url":155,"sources":156,"tags":157},"https://github.com/apache/tomcat",[103],[158],"PACKAGE",{"url":160,"sources":161,"tags":162},"https://security.netapp.com/advisory/ntap-20250103-0003",[103],[107],{"url":164,"sources":165,"tags":166},"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34",[103],[107],{"url":168,"sources":169,"tags":170},"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2",[103],[107],{"url":172,"sources":173,"tags":174},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98",[103],[107],[],{"date":177,"score":93,"percentile":178},"2026-06-04",0.99356,[180,184,187,189,191,194,196,198,200,203,205,207,209,211,213,217,219,221,223,225,227,229,231,233,235,237,239,241,245,248,251,253,255,257,259,262,264,267,270,273,275,277,279,281,284,286,288,290,293,295,297,300,302,304,306,308,310,312,314,317,319,322,324,326,328,330,332,335,338,340,342,344,347,349,352,355,357,359,362,364,366,369,371,375,377,380,382,384,386,388],{"date":181,"score":182,"percentile":183},"2025-11-04",0.88429,0.99463,{"date":185,"score":182,"percentile":186},"2025-11-05",0.99464,{"date":188,"score":182,"percentile":183},"2025-11-06",{"date":190,"score":182,"percentile":183},"2025-11-07",{"date":192,"score":182,"percentile":193},"2025-11-08",0.99461,{"date":195,"score":182,"percentile":193},"2025-11-09",{"date":197,"score":182,"percentile":193},"2025-11-10",{"date":199,"score":182,"percentile":193},"2025-11-11",{"date":201,"score":182,"percentile":202},"2025-11-12",0.99462,{"date":204,"score":182,"percentile":202},"2025-11-13",{"date":206,"score":182,"percentile":183},"2025-11-14",{"date":208,"score":182,"percentile":183},"2025-11-15",{"date":210,"score":182,"percentile":183},"2025-11-16",{"date":212,"score":182,"percentile":202},"2025-11-17",{"date":214,"score":215,"percentile":216},"2025-11-18",0.89804,0.99657,{"date":218,"score":215,"percentile":216},"2025-11-19",{"date":220,"score":215,"percentile":216},"2025-11-20",{"date":222,"score":182,"percentile":193},"2025-11-21",{"date":224,"score":182,"percentile":193},"2025-11-22",{"date":226,"score":182,"percentile":202},"2025-11-23",{"date":228,"score":182,"percentile":202},"2025-11-24",{"date":230,"score":182,"percentile":202},"2025-11-25",{"date":232,"score":182,"percentile":202},"2025-11-26",{"date":234,"score":182,"percentile":183},"2025-11-27",{"date":236,"score":182,"percentile":186},"2025-11-28",{"date":238,"score":182,"percentile":186},"2025-11-29",{"date":240,"score":182,"percentile":186},"2025-11-30",{"date":242,"score":243,"percentile":244},"2025-12-01",0.86859,0.99403,{"date":246,"score":243,"percentile":247},"2025-12-02",0.99402,{"date":249,"score":243,"percentile":250},"2025-12-03",0.99401,{"date":252,"score":182,"percentile":186},"2025-12-04",{"date":254,"score":182,"percentile":186},"2025-12-05",{"date":256,"score":182,"percentile":186},"2025-12-06",{"date":258,"score":182,"percentile":186},"2025-12-07",{"date":260,"score":182,"percentile":261},"2025-12-08",0.99466,{"date":263,"score":182,"percentile":261},"2025-12-09",{"date":265,"score":182,"percentile":266},"2025-12-10",0.99467,{"date":268,"score":182,"percentile":269},"2025-12-11",0.99468,{"date":271,"score":182,"percentile":272},"2025-12-12",0.99469,{"date":274,"score":182,"percentile":272},"2025-12-13",{"date":276,"score":182,"percentile":272},"2025-12-14",{"date":278,"score":182,"percentile":272},"2025-12-15",{"date":280,"score":182,"percentile":272},"2025-12-16",{"date":282,"score":182,"percentile":283},"2025-12-17",0.9947,{"date":285,"score":182,"percentile":283},"2025-12-18",{"date":287,"score":182,"percentile":283},"2025-12-19",{"date":289,"score":182,"percentile":283},"2025-12-20",{"date":291,"score":182,"percentile":292},"2025-12-21",0.99471,{"date":294,"score":182,"percentile":292},"2025-12-22",{"date":296,"score":182,"percentile":292},"2025-12-23",{"date":298,"score":182,"percentile":299},"2025-12-24",0.99472,{"date":301,"score":182,"percentile":299},"2025-12-25",{"date":303,"score":182,"percentile":292},"2025-12-26",{"date":305,"score":182,"percentile":299},"2025-12-27",{"date":307,"score":182,"percentile":283},"2025-12-28",{"date":309,"score":182,"percentile":283},"2025-12-29",{"date":311,"score":182,"percentile":292},"2025-12-30",{"date":313,"score":182,"percentile":292},"2025-12-31",{"date":315,"score":243,"percentile":316},"2026-01-01",0.99414,{"date":318,"score":243,"percentile":316},"2026-01-02",{"date":320,"score":243,"percentile":321},"2026-01-03",0.99415,{"date":323,"score":182,"percentile":292},"2026-01-04",{"date":325,"score":182,"percentile":292},"2026-01-05",{"date":327,"score":182,"percentile":292},"2026-01-06",{"date":329,"score":182,"percentile":299},"2026-01-07",{"date":331,"score":182,"percentile":299},"2026-01-08",{"date":333,"score":182,"percentile":334},"2026-01-09",0.99473,{"date":336,"score":182,"percentile":337},"2026-01-10",0.99474,{"date":339,"score":182,"percentile":337},"2026-01-11",{"date":341,"score":182,"percentile":337},"2026-01-12",{"date":343,"score":182,"percentile":337},"2026-01-13",{"date":345,"score":182,"percentile":346},"2026-01-14",0.99475,{"date":348,"score":182,"percentile":346},"2026-01-15",{"date":350,"score":182,"percentile":351},"2026-01-16",0.99476,{"date":353,"score":182,"percentile":354},"2026-01-17",0.99477,{"date":356,"score":182,"percentile":354},"2026-01-18",{"date":358,"score":182,"percentile":351},"2026-01-19",{"date":360,"score":182,"percentile":361},"2026-01-20",0.99478,{"date":363,"score":182,"percentile":361},"2026-01-21",{"date":365,"score":182,"percentile":361},"2026-01-22",{"date":367,"score":182,"percentile":368},"2026-01-23",0.99479,{"date":370,"score":182,"percentile":368},"2026-01-24",{"date":372,"score":373,"percentile":374},"2026-01-25",0.88589,0.99486,{"date":376,"score":373,"percentile":374},"2026-01-26",{"date":378,"score":373,"percentile":379},"2026-01-27",0.99487,{"date":381,"score":373,"percentile":379},"2026-01-28",{"date":383,"score":373,"percentile":379},"2026-01-29",{"date":385,"score":373,"percentile":379},"2026-01-30",{"date":387,"score":373,"percentile":379},"2026-01-31",{"date":389,"score":390,"percentile":269},"2026-02-01",0.87919,[392,396,398],{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":394,"vectorString":97,"impactScore":94,"exploitabilityScore":395},"CRITICAL",10,{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":394,"vectorString":97,"impactScore":94,"exploitabilityScore":395},{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":399,"cvss_v4_0":400},{"baseScore":94,"baseSeverity":9,"vectorString":97,"impactScore":94,"exploitabilityScore":395},{"baseScore":401,"baseSeverity":9,"vectorString":402,"impactScore":9,"exploitabilityScore":9},9.2,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",[404,428,445,461,470],{"ecosystem":9,"name":405,"vendor":406,"product":407,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"Apache Tomcat","apache software foundation","apache tomcat","a",[410,416,420,424],{"version":411,"is_range":412,"range_type":96,"version_start":413,"version_start_type":414,"version_end":415,"version_end_type":414,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.1",true,"11.0.0-M1","including","11.0.1",{"version":417,"is_range":412,"range_type":96,"version_start":418,"version_start_type":414,"version_end":419,"version_end_type":414,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.33","10.1.0-M1","10.1.33",{"version":421,"is_range":412,"range_type":96,"version_start":422,"version_start_type":414,"version_end":423,"version_end_type":414,"fixed_in":9},">= 9.0.0.M1, \u003C= 9.0.97","9.0.0.M1","9.0.97",{"version":425,"is_range":412,"range_type":96,"version_start":426,"version_start_type":414,"version_end":427,"version_end_type":414,"fixed_in":9},">= 8.5.0, \u003C= 8.5.100","8.5.0","8.5.100",{"ecosystem":9,"name":429,"vendor":9,"product":429,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":430},"Tomcat",[431,437,441],{"version":432,"is_range":412,"range_type":433,"version_start":434,"version_start_type":414,"version_end":435,"version_end_type":436,"fixed_in":9},"gte9.0.0_lt9.0.98","cpe","9.0.0","9.0.98","excluding",{"version":438,"is_range":412,"range_type":433,"version_start":439,"version_start_type":414,"version_end":440,"version_end_type":436,"fixed_in":9},"gte10.1.0_lt10.1.34","10.1.0","10.1.34",{"version":442,"is_range":412,"range_type":433,"version_start":443,"version_start_type":414,"version_end":444,"version_end_type":436,"fixed_in":9},"gte11.0.0_lt11.0.2","11.0.0","11.0.2",{"ecosystem":446,"name":447,"vendor":448,"product":449,"cpe_part":9,"purl_type":450,"purl_namespace":448,"purl_name":449,"source":9,"versions":451},"Maven","org.apache.tomcat:tomcat-catalina","org.apache.tomcat","tomcat-catalina","maven",[452,455,457,459],{"version":453,"is_range":412,"range_type":454,"version_start":413,"version_start_type":414,"version_end":444,"version_end_type":436,"fixed_in":9},"gte11_0_0_M1_lt11_0_2","ecosystem",{"version":456,"is_range":412,"range_type":454,"version_start":418,"version_start_type":414,"version_end":440,"version_end_type":436,"fixed_in":9},"gte10_1_0_M1_lt10_1_34",{"version":458,"is_range":412,"range_type":454,"version_start":422,"version_start_type":414,"version_end":435,"version_end_type":436,"fixed_in":9},"gte9_0_0_M1_lt9_0_98",{"version":460,"is_range":412,"range_type":454,"version_start":426,"version_start_type":414,"version_end":427,"version_end_type":414,"fixed_in":9},"gte8_5_0_lte8_5_100",{"ecosystem":446,"name":462,"vendor":463,"product":464,"cpe_part":9,"purl_type":450,"purl_namespace":463,"purl_name":464,"source":9,"versions":465},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[466,467,468,469],{"version":453,"is_range":412,"range_type":454,"version_start":413,"version_start_type":414,"version_end":444,"version_end_type":436,"fixed_in":9},{"version":456,"is_range":412,"range_type":454,"version_start":418,"version_start_type":414,"version_end":440,"version_end_type":436,"fixed_in":9},{"version":458,"is_range":412,"range_type":454,"version_start":422,"version_start_type":414,"version_end":435,"version_end_type":436,"fixed_in":9},{"version":460,"is_range":412,"range_type":454,"version_start":426,"version_start_type":414,"version_end":427,"version_end_type":414,"fixed_in":9},{"ecosystem":9,"name":471,"vendor":472,"product":473,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"bootstrap os","netapp","bootstrap_os","o",[476],{"version":477,"is_range":91,"range_type":433,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na"]