[oss-security] CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS

Mark Thomas Mon, 18 Nov 2024 07:38:40 -0800

Severity: important

Affected versions:


- Apache Tomcat 11.0.0
- Apache Tomcat 10.1.31
- Apache Tomcat 9.0.96

Description:

Incorrect object recycling and reuse vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.

Users are recommended to upgrade to version 11.0.1, 10.1.33 or 9.0.97,which fixes the issue.

Note: 10.1.32 includes the fix but was not released

References:

https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9
https://tomcat.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-52318

[oss-security] CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS

Reply via email to