[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2023-0138":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":30,"duplicates":31,"related":32,"reserved_at":9,"published_at":41,"modified_at":42,"state":9,"summary":43,"references_raw":45,"kevs":102,"epss":9,"epss_history":103,"metrics":104,"affected":105},"MGASA-2023-0138","Updated tomcat packages fix security vulnerability\n\nInformation disclosure due to concurrency bug (CVE-2021-43980)\nFix for CVE-2020-9484 introduced a time of check, time of use\nvulnerability (CVE-2022-23181)\nCorrect documentation to warn of use over untrusted networks.\n(CVE-2022-29885)\nCorrect documentation showing use of XSS vulnerability. (CVE-2022-34305)\nFix to reject invalid Content-Length header (CVE-2022-42252)\nFix escaping of the type, message or description values. (CVE-2022-45143)\nFix FileUpload limiting of the number of request parts to be processed\nto prevent the possibility of an attacker triggering a DoS (CVE-2023-24998)\nFix setting of session cookie secure attribute when using RemoteIpFilter\nwith X-Forwarded-Proto header set to https (CVE-2023-28708)\nObsolete tomcat-jsvc\n",null,[],[],[],[14,16,18,20,22,24,26,28],{"_key":15},"CVE-2021-43980",{"_key":17},"CVE-2022-23181",{"_key":19},"CVE-2022-29885",{"_key":21},"CVE-2022-34305",{"_key":23},"CVE-2022-42252",{"_key":25},"CVE-2022-45143",{"_key":27},"CVE-2023-24998",{"_key":29},"CVE-2023-28708",[],[],[33,34,35,36,37,38,39,40],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},"2023-04-15T19:03:44Z","2026-04-16T04:23:25.417545Z",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[46,52,57,62,66,70,74,78,82,86,90,94,98],{"url":47,"sources":48,"tags":50},"https://advisories.mageia.org/MGASA-2023-0138.html",[49],"osv_mageia",[51],"Advisory",{"url":53,"sources":54,"tags":55},"https://bugs.mageia.org/show_bug.cgi?id=30113",[49],[56],"REPORT",{"url":58,"sources":59,"tags":60},"https://lists.suse.com/pipermail/sle-security-updates/2022-March/010339.html",[49],[56,61],"WEB",{"url":63,"sources":64,"tags":65},"https://lists.suse.com/pipermail/sle-security-updates/2022-April/010734.html",[49],[56,61],{"url":67,"sources":68,"tags":69},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.65",[49],[56,61],{"url":71,"sources":72,"tags":73},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.62",[49],[56,61],{"url":75,"sources":76,"tags":77},"https://www.debian.org/lts/security/2022/dla-3160",[49],[56,61],{"url":79,"sources":80,"tags":81},"https://www.debian.org/security/2022/dsa-5265",[49],[56,61],{"url":83,"sources":84,"tags":85},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.68",[49],[56,61],{"url":87,"sources":88,"tags":89},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.69",[49],[56,61],{"url":91,"sources":92,"tags":93},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.71",[49],[56,61],{"url":95,"sources":96,"tags":97},"https://lists.suse.com/pipermail/sle-security-updates/2023-March/014018.html",[49],[56,61],{"url":99,"sources":100,"tags":101},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.72",[49],[56,61],[],[],[],[106],{"ecosystem":107,"name":108,"vendor":109,"product":108,"cpe_part":9,"purl_type":110,"purl_namespace":109,"purl_name":108,"source":9,"versions":111},"Mageia","tomcat","mageia","rpm",[112],{"version":113,"is_range":114,"range_type":115,"version_start":9,"version_start_type":9,"version_end":116,"version_end_type":117,"fixed_in":9},"lt9_0_73_1_1_mga8",true,"ecosystem","9.0.73-1.1.mga8","excluding"]