org.apache.tomcat:tomcat-jasper

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.tomcat:tomcat-jasperpage 1 of 1

CVE-2014-0119NONECVSS 0.0EG 0.0✓ Fixed in 8.0.6
2014-05-31
vulnerable: 8.0.1, 8.0.3, 8.0.5
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a cr…
CVE-2016-5018CRITICALCVSS 9.1EG 9.1✓ Fixed in 7.0.72
2017-08-10
vulnerable: 7.0.0 ... 7.0.8 (48 versions)
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to …
CVE-2024-52318MEDIUMCVSS 6.1EG 6.1✓ Fixed in 9.0.97
2024-11-18
vulnerable: 9.0.96
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

Check whether org.apache.tomcat:tomcat-jasper is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.tomcat:tomcat-jasper CVEs against the assets you own.

Start Free Scan →