oss-sec mailing list archives

Re: CVE-2024-50379: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

From: Nick Boyce <nick.boyce () gmail com>
Date: Wed, 18 Dec 2024 07:36:06 +0000

This issue affects Apache Tomcat: from 11.0.0-M1
through 11.0.1, from 10.1.0-M1 through 10.1.33,
from 9.0.0.M1 through 9.0.97

Users are recommended to upgrade to version 11.0.2,
10.1.34 or 9.0.08


Should that last fixed version be 9.0.98 ?

Nick

Current thread:

CVE-2024-50379: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation Mark Thomas (Dec 17)
- Re: CVE-2024-50379: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation Nick Boyce (Dec 18)