VYPR

Maven package

org.apache.tomcat.embed/tomcat-embed-websocket

pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket

Vulnerabilities (2)

  • CVE-2024-23672Mar 13, 2024
    affected >= 11.0.0-M1, < 11.0.0-M17fixed 11.0.0-M17

    Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through

  • CVE-2020-13935Jul 14, 2020
    affected >= 7.0.27, < 7.0.105fixed 7.0.105

    The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea