From 5ae4fda328652632db54f29b66fdc4f7425bec09 Mon Sep 17 00:00:00 2001
From: yusuke-koyoshi <92022336+yusuke-koyoshi@users.noreply.github.com>
Date: Thu, 21 May 2026 14:47:38 +0900
Subject: [PATCH] Improve GHSA-653p-vg55-5652
---
 .../12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json b/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
index 8483650019f1b..bcd19ee21eb7c 100644
--- a/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
+++ b/advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-653p-vg55-5652",
- "modified": "2026-05-20T22:06:04Z",
+ "modified": "2026-05-20T22:06:08Z",
 "published": "2024-12-17T15:31:43Z",
 "aliases": [
 "CVE-2024-54677"
@@ -9,13 +9,9 @@
 "summary": "Apache Tomcat Uncontrolled Resource Consumption vulnerability",
 "details": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\n\nThis vulnerability does not affect core Apache Tomcat server components (tomcat-catalina, tomcat-coyote, tomcat-embed-core, etc.). Removing the `webapps/examples/` directory in production environments — as recommended by the [Apache Tomcat Security Considerations documentation](https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Examples) — eliminates the attack surface entirely.",
 "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
- },
 {
 "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
 }
 ],
 "affected": [
@@ -79,7 +75,7 @@
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.apache.tomcat:tomcat-catalina"
+ "name": "org.apache.tomcat:tomcat"
 },
 "ranges": [
 {
@@ -234,7 +230,7 @@
 "cwe_ids": [
 "CWE-400"
 ],
- "severity": "LOW",
+ "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2024-12-17T16:41:30Z",
 "nvd_published_at": "2024-12-17T13:15:18Z"
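Review bot: Deleting the whole CVSS_V3 entry leaves the advisory with only a CVSS_V4 vector, so any consumer of this OSV-format file that still reads only CVSS_V3 will see no severity at all for it; unless the v3 vector was actually wrong, keeping it beside the v4 one is the safer change, i.e. restore `{ "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" },` in the `severity` array. The new v4 vector moves AT:N to AT:P and drops the E:U threat metric; AT:P presumably encodes that the examples web application must be deployed, which matches the `details` text, but that reasoning is recorded nowhere in the file or the commit message. The `database_specific` `severity` change in the last hunk (LOW to MODERATE) appears to be derived from this vector, so the two hunks should be reviewed as one change. The `details` context line still reads "from 9.0.0.M1 through 9.9.97" and "8.5.0 though 8.5.100", which look like typos carried over from the upstream text and could be corrected in the same commit.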
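Review bot: Renaming this affected package from `org.apache.tomcat:tomcat-catalina` to `org.apache.tomcat:tomcat` agrees with the `details` text that core server components are unaffected, but the `ranges` block for this entry begins on the hunk's last line and runs outside it, so its introduced/fixed events cannot be checked here against the distribution artifact's version history. The `affected` array opens near line 21 and this entry sits near line 79, so there are likely further entries; if any of them still name tomcat-catalina or other core artifacts they contradict the details text and need the same rename, yet the diffstat shows only this one name change. A short commit message line explaining why the distribution artifact is the right carrier for the examples web application would make the intent reviewable.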