GHSA-h3gc-qfqq-6h8f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h3gc-qfqq-6h8f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-h3gc-qfqq-6h8f/GHSA-h3gc-qfqq-6h8f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h3gc-qfqq-6h8f
- Aliases
- Related
- Published
- 2025-06-16T15:32:28Z
- Modified
- 2025-06-20T10:42:03.249126Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Apache Tomcat - DoS in multipart upload
- Details
-
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
- Database specific
{ "nvd_published_at": "2025-06-16T15:15:24Z", "cwe_ids": [ "CWE-770" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-06-16T17:50:09Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-48988
- https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e
- https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
- https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
- https://github.com/apache/tomcat
- https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
- https://tomcat.apache.org/security-10.html
- https://tomcat.apache.org/security-11.html
- https://tomcat.apache.org/security-9.html
- http://www.openwall.com/lists/oss-security/2025/06/16/1
Affected packages
Maven / org.apache.tomcat:tomcat-catalina
Package
- Name
- org.apache.tomcat:tomcat-catalina
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat-catalina
Affected versions
11.*
11.0.0-M1
11.0.0-M3
11.0.0-M4
11.0.0-M5
11.0.0-M6
11.0.0-M7
11.0.0-M9
11.0.0-M10
11.0.0-M11
11.0.0-M12
11.0.0-M13
11.0.0-M14
11.0.0-M15
11.0.0-M16
11.0.0-M17
11.0.0-M18
11.0.0-M19
11.0.0-M20
11.0.0-M21
11.0.0-M22
11.0.0-M24
11.0.0-M25
11.0.0-M26
11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
Maven / org.apache.tomcat:tomcat-catalina
Package
- Name
- org.apache.tomcat:tomcat-catalina
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat-catalina
Affected versions
10.*
10.1.0-M1
10.1.0-M2
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0
10.1.1
10.1.2
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.1.9
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14
10.1.15
10.1.16
10.1.17
10.1.18
10.1.19
10.1.20
10.1.23
10.1.24
10.1.25
10.1.26
10.1.28
10.1.29
10.1.30
10.1.31
10.1.33
10.1.34
10.1.35
10.1.36
10.1.39
10.1.40
10.1.41
Maven / org.apache.tomcat:tomcat-catalina
Package
- Name
- org.apache.tomcat:tomcat-catalina
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat-catalina
Affected versions
9.*
9.0.0.M1
9.0.0.M3
9.0.0.M4
9.0.0.M6
9.0.0.M8
9.0.0.M9
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
9.0.0.M19
9.0.0.M20
9.0.0.M21
9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1
9.0.2
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.16
9.0.17
9.0.19
9.0.20
9.0.21
9.0.22
9.0.24
9.0.26
9.0.27
9.0.29
9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
9.0.44
9.0.45
9.0.46
9.0.48
9.0.50
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.58
9.0.59
9.0.60
9.0.62
9.0.63
9.0.64
9.0.65
9.0.67
9.0.68
9.0.69
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.78
9.0.79
9.0.80
9.0.81
9.0.82
9.0.83
9.0.84
9.0.85
9.0.86
9.0.87
9.0.88
9.0.89
9.0.90
9.0.91
9.0.93
9.0.94
9.0.95
9.0.96
9.0.97
9.0.98
9.0.99
9.0.100
9.0.102
9.0.104
9.0.105
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Affected versions
11.*
11.0.0-M1
11.0.0-M3
11.0.0-M4
11.0.0-M5
11.0.0-M6
11.0.0-M7
11.0.0-M9
11.0.0-M10
11.0.0-M11
11.0.0-M12
11.0.0-M13
11.0.0-M14
11.0.0-M15
11.0.0-M16
11.0.0-M17
11.0.0-M18
11.0.0-M19
11.0.0-M20
11.0.0-M21
11.0.0-M22
11.0.0-M24
11.0.0-M25
11.0.0-M26
11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Affected versions
10.*
10.1.0-M1
10.1.0-M2
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0
10.1.1
10.1.2
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.1.9
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14
10.1.15
10.1.16
10.1.17
10.1.18
10.1.19
10.1.20
10.1.23
10.1.24
10.1.25
10.1.26
10.1.28
10.1.29
10.1.30
10.1.31
10.1.33
10.1.34
10.1.35
10.1.36
10.1.39
10.1.40
10.1.41
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Affected versions
9.*
9.0.0.M1
9.0.0.M3
9.0.0.M4
9.0.0.M6
9.0.0.M8
9.0.0.M9
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
9.0.0.M19
9.0.0.M20
9.0.0.M21
9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1
9.0.2
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.16
9.0.17
9.0.19
9.0.20
9.0.21
9.0.22
9.0.24
9.0.26
9.0.27
9.0.29
9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
9.0.44
9.0.45
9.0.46
9.0.48
9.0.50
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.58
9.0.59
9.0.60
9.0.62
9.0.63
9.0.64
9.0.65
9.0.67
9.0.68
9.0.69
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.78
9.0.79
9.0.80
9.0.81
9.0.82
9.0.83
9.0.84
9.0.85
9.0.86
9.0.87
9.0.88
9.0.89
9.0.90
9.0.91
9.0.93
9.0.94
9.0.95
9.0.96
9.0.97
9.0.98
9.0.99
9.0.100
9.0.102
9.0.104
9.0.105