GHSA-372q-33vh-8mpc

Suggest an improvement
Source
https://github.com/advisories/GHSA-372q-33vh-8mpc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-372q-33vh-8mpc/GHSA-372q-33vh-8mpc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-372q-33vh-8mpc
Aliases
Published
2022-05-14T01:10:15Z
Modified
2024-03-16T05:19:18.472607Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Inconsistent documentation in Apache Tomcat
Details

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

Database specific
{
    "nvd_published_at": "2018-01-31T14:29:00Z",
    "cwe_ids": [
        "CWE-1068",
        "CWE-358"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T18:47:34Z"
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0.M22
Fixed
9.0.2

Affected versions

9.*

9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.5.16
Fixed
8.5.24

Affected versions

8.*

8.5.16
8.5.19
8.5.20
8.5.21
8.5.23

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.45
Fixed
8.0.48

Affected versions

8.*

8.0.45
8.0.46
8.0.47

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.79
Fixed
7.0.84

Affected versions

7.*

7.0.79
7.0.81
7.0.82