oss-sec mailing list archives
CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS
From: Mark Thomas <markt () apache org>
Date: Mon, 18 Nov 2024 12:22:51 +0000
Severity: important

Affected versions:

- Apache Tomcat 11.0.0
- Apache Tomcat 10.1.31
- Apache Tomcat 9.0.96

Description:

Incorrect object recycling and reuse vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.

Users are recommended to upgrade to version 11.0.1, 10.1.33 or 9.0.97, which fixes the issue.

Note: 10.1.32 includes the fix but was not released

References:

https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9
https://tomcat.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-52318
