Giters

wasimakh2 / JPAGenratorRelease

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2023-44487 (High) detected in tomcat-embed-core-9.0.22.jar

mend-bolt-for-github opened this issue · comments

commented

CVE-2023-44487 - High Severity Vulnerability

Vulnerable Library - tomcat-embed-core-9.0.22.jar

Core Tomcat implementation

Library home page: https://tomcat.apache.org/

Path to vulnerable library: /JPAGenrator-0.0.1-SNAPSHOT/WEB-INF/lib-provided/tomcat-embed-core-9.0.22.jar

Dependency Hierarchy:

  • tomcat-embed-core-9.0.22.jar (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Publish Date: 2023-10-10

URL: CVE-2023-44487

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44487

Release Date: 2023-10-10

Fix Resolution: 9.0.81

Step up your Open Source Security Game with Mend here