Bump org.apache.tomcat:tomcat-catalina from 8.0.14 to 9.0.107 in /testsuite/tomcat8 by dependabot[bot] · Pull Request #1 · eroad/keycloak

dependabot · 2025-07-31T04:47:43Z

Bumps org.apache.tomcat:tomcat-catalina from 8.0.14 to 9.0.107.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps org.apache.tomcat:tomcat-catalina from 8.0.14 to 9.0.107. --- updated-dependencies: - dependency-name: org.apache.tomcat:tomcat-catalina dependency-version: 9.0.107 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

jpeaks-eroad · 2025-07-31T09:52:07Z

Checkmarx One – Scan Summary & Details – 985d1dbb-8708-4ee2-a68a-b43afeedb128

New Issues (110)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2019-14888	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A vulnerability was found in the Undertow HTTP server in versions through 2.0.28.SP1-redhat-00001, version 2.0.28.Final-redhat-00001, and version 2... Attack Vector: NETWORK Attack Complexity: LOW `ID: prANIBdl0yqYLiPXwxFh2Fu%2FbovSJrRndSiVNqzp9jg%3D` Vulnerable Package
CVE-2022-4492	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at lea... Attack Vector: NETWORK Attack Complexity: LOW `ID: WL09nbeSCkJ7cWEPuDvWpMVVLKK4uO%2FVmoRb3UIeKFI%3D` Vulnerable Package
CVE-2023-1108	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A flaw was found in undertow in versions prior to 2.2.24.Final, and 2.3.x prior to 2.3.5.Final. This issue makes achieving a Denial-of-Service (DoS... Attack Vector: NETWORK Attack Complexity: LOW `ID: BbTAoZnDhyrcZW%2FF6bMIvIx7hCZosjKHE1XO835w%2FcA%3D` Vulnerable Package
CVE-2023-1973	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A flaw was found in Undertow package. Using the "FormAuthenticationMechanism", a malicious user could trigger a Denial of Service by sending crafte... Attack Vector: NETWORK Attack Complexity: LOW `ID: 5mz%2BGLhd1v2XoOC5JsCp%2BEH9wa8Gk7EJ91EQf%2BYgiVM%3D` Vulnerable Package
CVE-2023-3223	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A flaw was found in undertow versions through 2.2.26.Final, and 2.3.0.Alpha1 through 2.3.8.Final. Servlets annotated with '@MultipartConfig' may ca... Attack Vector: NETWORK Attack Complexity: LOW `ID: Hdv8wxqRN4W%2B4eBHdEoUfccWfAhIh8jNNEXssekY18s%3D` Vulnerable Package
CVE-2023-4639	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allo... Attack Vector: NETWORK Attack Complexity: HIGH `ID: luBkbozkON%2FIWveFDq6AN30ELTlInhOckda8IDQuOrg%3D` Vulnerable Package
CVE-2023-5379	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A flaw was found in Undertow. When an AJP request is sent that exceeds the "max-header-size" attribute in "ajp-listener", JBoss EAP is marked in an... Attack Vector: NETWORK Attack Complexity: LOW `ID: 3JqrUa23xo%2Bb5xwY9Eg4j4U2%2BaeGVg8RNinVYD6yjks%3D` Vulnerable Package
CVE-2023-5685	Maven-org.jboss.xnio:xnio-api-3.3.0.Final	details Recommended version: 3.5.10.Final Description: A flaw was found in XNIO. The XNIO "NotifierState" that can cause a Stack Overflow Exception when the chain of notifier states becomes problematica... Attack Vector: NETWORK Attack Complexity: LOW `ID: GLa5o9zwiADQBen6OcNq0pV4ug3AuZX9u6%2BjYTHjb0E%3D` Vulnerable Package
CVE-2024-1635	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious use... Attack Vector: NETWORK Attack Complexity: LOW `ID: j87qttbdCp4VeULFFxwdavd7y01J6mfmk8Qanpya7es%3D` Vulnerable Package
CVE-2024-21490	Npm-angular-1.4.4	details Description: This affects the package angular versions 1.3.0-beta.1 through 1.8.3. A Regular Expression used to split the value of the "ng-srcset" directive is ... Attack Vector: NETWORK Attack Complexity: LOW `ID: kFfX8uktl5Al7hn7matLKuMK0Z7mboE9cuR5bGLVHxw%3D` Vulnerable Package
CVE-2024-6162	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A vulnerability was found in Undertow versions through 2.2.32.Final, and 2.3.0.Alpha1 through 2.3.13.Final are vulnerable to Denial-of-Service (DoS... Attack Vector: NETWORK Attack Complexity: LOW `ID: pAmxIGEbBWj1sk6YA9M8N5RKOXXWhuQ7qxz96xFoO0A%3D` Vulnerable Package
Relative_Path_Traversal	/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java: 62	details Method at line 62 of /services/src/main/java/org/keycloak/services/resources/WelcomeResource.java gets dynamic data from the path element. This ... `ID: t7%2BPcLW0WLzytcy%2FuSB2ELjG8YI%3D` Attack Vector
Relative_Path_Traversal	/services/src/main/java/org/keycloak/services/resources/ThemeResource.java: 42	details Method at line 42 of /services/src/main/java/org/keycloak/services/resources/ThemeResource.java gets dynamic data from the path element. This el... `ID: DkX1WXtwNSDy2M9ZlAGEzikdtHI%3D` Attack Vector
CVE-2021-20220	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible aga... Attack Vector: NETWORK Attack Complexity: HIGH `ID: ccYZgdXDpbUxPjvm9MOMstTnlUqLLI%2B8UbE3q3%2F1X%2Bg%3D` Vulnerable Package
CVE-2023-26116	Npm-angular-1.4.4	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "angular.copy()" utility function due to... Attack Vector: NETWORK Attack Complexity: LOW `ID: FCmK8xG0A8JErYx9tsL2UMRWzB8wACKVDrT4fWCMqEQ%3D` Vulnerable Package
CVE-2023-26116	Npm-angular-1.0.5	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "angular.copy()" utility function due to... Attack Vector: NETWORK Attack Complexity: LOW `ID: QAwwMIeBEx6YzBc1vaY2YNFRIjoWtwSrZ0oRORygjmQ%3D` Vulnerable Package
CVE-2023-26116	Npm-angular-1.2.13	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "angular.copy()" utility function due to... Attack Vector: NETWORK Attack Complexity: LOW `ID: SKLfGBNOJ%2BF9pfia84jrQ8kdz6PgGmVkKxExLiTq9ZI%3D` Vulnerable Package
CVE-2023-26116	Npm-angular-1.0.7	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "angular.copy()" utility function due to... Attack Vector: NETWORK Attack Complexity: LOW `ID: TCRyXswJlkGl27qFUPQUEcTxL3pYoR58BUFy2k3kBvQ%3D` Vulnerable Package
CVE-2023-26116	Npm-angular-1.1.0	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "angular.copy()" utility function due to... Attack Vector: NETWORK Attack Complexity: LOW `ID: wAU3aoneNhzWLliozUVvvufN2Tw0iFu%2Bsg0MNjnGBZ4%3D` Vulnerable Package
CVE-2023-26117	Npm-angular-1.4.4	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the `$resource` service due to the usage of ... Attack Vector: NETWORK Attack Complexity: LOW `ID: FLJoTfsjmtkLqS%2BYvBgaQ5A%2BtRhKd0JTJefi3D7EXl4%3D` Vulnerable Package
CVE-2023-26117	Npm-angular-1.0.5	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the `$resource` service due to the usage of ... Attack Vector: NETWORK Attack Complexity: LOW `ID: kMqAu9wHVd%2FCFN7dJnxe3aa7vb03pcfNpA8pKB7m%2Fno%3D` Vulnerable Package
CVE-2023-26117	Npm-angular-1.1.0	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the `$resource` service due to the usage of ... Attack Vector: NETWORK Attack Complexity: LOW `ID: QFytTi%2FodPQIrphhMg0qY7I9ku73nq8WahLUiV1r3Dk%3D` Vulnerable Package
CVE-2023-26117	Npm-angular-1.2.13	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the `$resource` service due to the usage of ... Attack Vector: NETWORK Attack Complexity: LOW `ID: qJnjqwRKD1HLfSPkWsoDlu6S05vb2mBoPNvdIV9jDh0%3D` Vulnerable Package
CVE-2023-26117	Npm-angular-1.0.7	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the `$resource` service due to the usage of ... Attack Vector: NETWORK Attack Complexity: LOW `ID: YGsu8qfe5ygjJ%2FmWPmMmfPsHKFvhnzHHYHKfLotivdQ%3D` Vulnerable Package
CVE-2023-26118	Npm-angular-1.2.13	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "" element due to the ... Attack Vector: NETWORK Attack Complexity: LOW `ID: K6c4wRffA96dgS%2FCNCCqrZs2BL7ddxyh%2Fyxw4q%2FOzUA%3D` Vulnerable Package
CVE-2023-26118	Npm-angular-1.1.0	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "" element due to the ... Attack Vector: NETWORK Attack Complexity: LOW `ID: mPB4rJlGgOUaP%2Bpan8s9eXh4OsMjw%2BObhqeLSM1hEjM%3D` Vulnerable Package
CVE-2023-26118	Npm-angular-1.0.7	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "" element due to the ... Attack Vector: NETWORK Attack Complexity: LOW `ID: QD77l1UeG3%2Fgap82I1mXzOJjxkbgydtmEDAvdYmAe0E%3D` Vulnerable Package
CVE-2023-26118	Npm-angular-1.0.5	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "" element due to the ... Attack Vector: NETWORK Attack Complexity: LOW `ID: Uezz%2BRx5Ee9Bb%2F314Au6hiTqUXkMAYhIOox4gB4sjM8%3D` Vulnerable Package
CVE-2023-26118	Npm-angular-1.4.4	details Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the "" element due to the ... Attack Vector: NETWORK Attack Complexity: LOW `ID: ZMHdcgR5rbGkyCOhpFgh7abjOUdA3mJD4K4QOpnlnXg%3D` Vulnerable Package
CVE-2024-1459	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A Path Traversal vulnerability was found in Undertow versions prior to 2.2.31.Final and 2.3.x prior to 2.3.12.Final. This issue may allow a remote ... Attack Vector: NETWORK Attack Complexity: LOW `ID: CofHG3yf%2F4z9Ox00s9%2Butt4N%2BOoHjCzLLT5DcEnn%2FDE%3D` Vulnerable Package
CVE-2024-3653	Maven-io.undertow:undertow-core-1.1.1.Final	details Recommended version: 2.2.36.Final Description: A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default,... Attack Vector: NETWORK Attack Complexity: LOW `ID: 35SClL97DBpvxMRAIDmNJROZWUIc87o76SLGYv7bRJI%3D` Vulnerable Package
CVE-2024-4029	Maven-org.wildfly:wildfly-domain-http-interface-8.2.0.Final	details Description: A vulnerability was found in Wildfly's management interface. Due to the lack of limitation of sockets for the management interface, it may be possi... Attack Vector: LOCAL Attack Complexity: HIGH `ID: LDNqpndEbKPbuqOzqYnf3qnYPSR77q3xgqglY6zHg%2B8%3D` Vulnerable Package
CVE-2024-4029	Maven-org.wildfly:wildfly-server-8.2.0.Final	details Description: A vulnerability was found in Wildfly's management interface. Due to the lack of limitation of sockets for the management interface, it may be possi... Attack Vector: LOCAL Attack Complexity: HIGH `ID: muM1eWEcqTE4H7nQeQ7PYSGB%2B1350VGIEemlAbQHwsw%3D` Vulnerable Package
CVE-2024-8372	Npm-angular-1.4.4	details Description: Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can ... Attack Vector: NETWORK Attack Complexity: LOW `ID: t3FYVPk9nDn%2FN4i%2By9KMAbhY%2BeVc7lazSkjsil7fTmU%3D` Vulnerable Package
CVE-2024-8373	Npm-angular-1.1.0	details Description: Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source ... Attack Vector: NETWORK Attack Complexity: LOW `ID: 0zPIQ1OLMV2z5R%2Bex3lNKvn%2B6kPqZsM21T2RcTk4GZU%3D` Vulnerable Package
CVE-2024-8373	Npm-angular-1.0.5	details Description: Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source ... Attack Vector: NETWORK Attack Complexity: LOW `ID: bMt5Rb3nxII2GrfQ9B5BA8kLj403q0IGEZoeUDfoRXQ%3D` Vulnerable Package
CVE-2024-8373	Npm-angular-1.4.4	details Description: Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source ... Attack Vector: NETWORK Attack Complexity: LOW `ID: q7txk79y0nnGbSbmohG9rsmjb6V86hoMPglA35dTJzU%3D` Vulnerable Package
CVE-2024-8373	Npm-angular-1.0.7	details Description: Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source ... Attack Vector: NETWORK Attack Complexity: LOW `ID: Ue9oVXNs4GmM1DbsmKdJMT9yo5S7sW6nY0U91X183q4%3D` Vulnerable Package
CVE-2024-8373	Npm-angular-1.2.13	details Description: Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source ... Attack Vector: NETWORK Attack Complexity: LOW `ID: yXs02KqGmrPgNzyyNObpSYGwHQKytYvc0lAnmJlMgwo%3D` Vulnerable Package
CVE-2025-0716	Npm-angular-1.1.0	details Description: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass comm... Attack Vector: NETWORK Attack Complexity: HIGH `ID: fuztV22vsms6qMjrWV2mmGmDntHWYu7Ot%2Bgc5d4nFiU%3D` Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (1487)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2012-0881~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2013-4002~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2013-7285~~	Maven-com.thoughtworks.xstream:xstream-1.4.4
	~~CVE-2014-0107~~	Maven-xalan:serializer-2.7.1
	~~CVE-2014-0107~~	Maven-xalan:xalan-2.7.1
	~~CVE-2014-0230~~	Maven-org.apache.tomcat:coyote-6.0.41
	~~CVE-2014-0230~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2014-9970~~	Maven-org.jasypt:jasypt-1.9.1
	~~CVE-2015-2080~~	Maven-org.eclipse.jetty:jetty-http-9.2.4.v20141103
	~~CVE-2015-2080~~	Maven-org.eclipse.jetty:jetty-util-9.2.4.v20141103
	~~CVE-2015-2156~~	Maven-org.jboss.netty:netty-3.2.6.Final
	~~CVE-2015-2156~~	Maven-io.netty:netty-all-4.0.26.Final
	~~CVE-2015-3250~~	Maven-org.apache.directory.api:api-ldap-model-1.0.0-M23
	~~CVE-2015-5211~~	Maven-org.springframework:spring-web-3.2.13.RELEASE
	~~CVE-2015-5211~~	Maven-org.springframework:spring-web-4.1.4.RELEASE
	~~CVE-2015-5346~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2015-5346~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2015-5346~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2015-5346~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2015-5346~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2015-5346~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2015-5346~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2015-5346~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2015-5348~~	Maven-org.apache.camel:camel-jetty-common-2.15.1
	~~CVE-2016-0714~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2016-0714~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2016-0714~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2016-0714~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2016-0714~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2016-0714~~	Maven-org.apache.tomcat:catalina-6.0.41
	~~CVE-2016-0714~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2016-0714~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2016-0714~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2016-0750~~	Maven-org.infinispan:infinispan-client-hotrod-7.2.3.Final
	~~CVE-2016-0750~~	Maven-org.infinispan:infinispan-client-hotrod-5.1.4.FINAL
	~~CVE-2016-1000027~~	Maven-org.springframework:spring-web-3.2.13.RELEASE
	~~CVE-2016-1000027~~	Maven-org.springframework:spring-web-4.1.4.RELEASE
	~~CVE-2016-1000027~~	Maven-org.springframework:spring-webmvc-4.1.4.RELEASE
	~~CVE-2016-1000338~~	Maven-org.bouncycastle:bcprov-jdk15on-1.50
	~~CVE-2016-1000342~~	Maven-org.bouncycastle:bcprov-jdk15on-1.50
	~~CVE-2016-1000343~~	Maven-org.bouncycastle:bcprov-jdk15on-1.50
	~~CVE-2016-1000344~~	Maven-org.bouncycastle:bcprov-jdk15on-1.50
	~~CVE-2016-1000352~~	Maven-org.bouncycastle:bcprov-jdk15on-1.50
	~~CVE-2016-10707~~	Npm-jquery-1.10.2
	~~CVE-2016-2141~~	Maven-org.jgroups:jgroups-3.6.4.Final
	~~CVE-2016-2141~~	Maven-org.jgroups:jgroups-3.0.9.Final
	~~CVE-2016-2141~~	Maven-org.jgroups:jgroups-3.4.1.Final
	~~CVE-2016-2510~~	Maven-org.beanshell:bsh-2.0b5
	~~CVE-2016-3674~~	Maven-com.thoughtworks.xstream:xstream-1.4.4
	~~CVE-2016-4800~~	Maven-org.eclipse.jetty:jetty-util-9.1.5.v20140505
	~~CVE-2016-4800~~	Maven-org.eclipse.jetty:jetty-util-8.1.16.v20140903
	~~CVE-2016-4800~~	Maven-org.eclipse.jetty:jetty-util-8.1.15.v20140411
	~~CVE-2016-4800~~	Maven-org.eclipse.jetty:jetty-util-8.1.17.v20150415
	~~CVE-2016-4970~~	Maven-io.netty:netty-all-4.0.26.Final
	~~CVE-2016-5007~~	Maven-org.springframework.security:spring-security-config-3.2.7.RELEASE
	~~CVE-2016-5018~~	Maven-org.apache.tomcat:jasper-6.0.41
	~~CVE-2016-5388~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2016-5388~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2016-5388~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2016-5388~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2016-5388~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2016-5388~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2016-5388~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2016-5388~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2016-6346~~	Maven-org.jboss.resteasy:resteasy-jaxrs-2.3.7.Final
	~~CVE-2016-6346~~	Maven-org.jboss.resteasy:resteasy-jaxrs-3.0.9.Final
	~~CVE-2016-6796~~	Maven-org.apache.tomcat:jasper-6.0.41
	~~CVE-2016-6797~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2016-6797~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2016-6797~~	Maven-org.apache.tomcat:catalina-6.0.41
	~~CVE-2016-6797~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2016-6797~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2016-6816~~	Maven-org.apache.tomcat:coyote-6.0.41
	~~CVE-2016-6816~~	Maven-org.apache.tomcat:tomcat-coyote-8.0.14
	~~CVE-2016-8739~~	Maven-org.apache.cxf:cxf-rt-frontend-jaxrs-3.0.4
	~~CVE-2016-8745~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2016-8745~~	Maven-org.apache.tomcat:coyote-6.0.41
	~~CVE-2016-8745~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2016-8745~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2016-8745~~	Maven-org.apache.tomcat:tomcat-coyote-8.0.14
	~~CVE-2016-8745~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2016-9606~~	Maven-org.jboss.resteasy:resteasy-yaml-provider-3.0.11.Final
	~~CVE-2016-9878~~	Maven-org.springframework:spring-webmvc-4.1.4.RELEASE
	~~CVE-2016-9879~~	Maven-org.springframework.security:spring-security-web-3.2.7.RELEASE
	~~CVE-2017-1000487~~	Maven-org.codehaus.plexus:plexus-utils-3.0.15
	~~CVE-2017-1000487~~	Maven-org.codehaus.plexus:plexus-utils-2.0.6
	~~CVE-2017-12615~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2017-12615~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2017-12615~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2017-12616~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2017-12616~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2017-12616~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2017-12616~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2017-12616~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2017-12617~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2017-12617~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2017-12617~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2017-12617~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2017-12617~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2017-12617~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2017-12617~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2017-12617~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2017-12633~~	Maven-org.apache.camel:camel-core-2.15.1
	~~CVE-2017-15089~~	Maven-org.infinispan:infinispan-client-hotrod-7.2.3.Final
	~~CVE-2017-15089~~	Maven-org.infinispan:infinispan-client-hotrod-5.1.4.FINAL
	~~CVE-2017-15095~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.4.4
	~~CVE-2017-15095~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.5.1
	~~CVE-2017-17485~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.5.1
	~~CVE-2017-17485~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.4.4
	~~CVE-2017-18640~~	Maven-org.yaml:snakeyaml-1.15
	~~CVE-2017-18640~~	Maven-org.yaml:snakeyaml-1.14
	~~CVE-2017-3156~~	Maven-org.apache.cxf:cxf-core-3.0.5
	~~CVE-2017-3156~~	Maven-org.apache.cxf:cxf-core-3.0.4
	~~CVE-2017-5643~~	Maven-org.apache.camel:camel-core-2.15.1
	~~CVE-2017-5647~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2017-5647~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2017-5647~~	Maven-org.apache.tomcat:tomcat-coyote-8.0.14
	~~CVE-2017-5647~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2017-5647~~	Maven-org.apache.tomcat:coyote-6.0.41
	~~CVE-2017-5647~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2017-5648~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2017-5648~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2017-5648~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2017-5648~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2017-5648~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2017-5648~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2017-5648~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2017-5648~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2017-5651~~	Maven-org.apache.tomcat:tomcat-coyote-8.0.14
	~~CVE-2017-5656~~	Maven-org.apache.cxf:cxf-rt-ws-security-3.0.5
	~~CVE-2017-5664~~	Maven-org.apache.tomcat:tomcat-catalina-8.0.14
	~~CVE-2017-5664~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.59
	~~CVE-2017-5664~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.52
	~~CVE-2017-5664~~	Maven-org.apache.tomcat:tomcat-catalina-7.0.54
	~~CVE-2017-5929~~	Maven-ch.qos.logback:logback-core-1.1.2
	~~CVE-2017-5929~~	Maven-ch.qos.logback:logback-classic-1.1.2
	~~CVE-2017-6056~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.59
	~~CVE-2017-6056~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-7.0.54
	~~CVE-2017-6056~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.14
	~~CVE-2017-6056~~	Maven-org.apache.tomcat.embed:tomcat-embed-core-8.0.15
	~~CVE-2017-6056~~	Maven-org.apache.tomcat:tomcat-coyote-8.0.14
	~~CVE-2017-7525~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.5.1
	~~CVE-2017-7525~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.4.4
	~~CVE-2017-7561~~	Maven-org.jboss.resteasy:resteasy-jaxrs-3.0.9.Final
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-server-8.1.16.v20140903
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-http-8.1.15.v20140411
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-server-9.2.4.v20141103
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-http-8.1.16.v20140903
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-http-9.2.4.v20141103
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-http-8.1.17.v20150415
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-server-8.1.15.v20140411
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-server-9.1.5.v20140505
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-server-8.1.17.v20150415
	~~CVE-2017-7656~~	Maven-org.eclipse.jetty:jetty-http-9.1.5.v20140505
	~~CVE-2017-7657~~	Maven-org.eclipse.jetty:jetty-server-8.1.16.v20140903
	~~CVE-2017-7657~~	Maven-org.eclipse.jetty:jetty-server-9.2.4.v20141103
	~~CVE-2017-7657~~	Maven-org.eclipse.jetty:jetty-http-9.2.4.v20141103
	~~CVE-2017-7657~~	Maven-org.eclipse.jetty:jetty-http-8.1.16.v20140903

More results are available on the CxOne platform

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 31, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.apache.tomcat:tomcat-catalina from 8.0.14 to 9.0.107 in /testsuite/tomcat8#1

Bump org.apache.tomcat:tomcat-catalina from 8.0.14 to 9.0.107 in /testsuite/tomcat8#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/testsuite/tomcat8/org.apache.tomcat-tomcat-catalina-9.0.107

dependabot bot commented on behalf of github Jul 31, 2025

Uh oh!

jpeaks-eroad commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Jul 31, 2025

Uh oh!

jpeaks-eroad commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant