Hello There, Good day!
Could you kindly help clarify the following regarding CVE-2024-50379? In the default Tomcat setup, the readonly initialization parameter of the DefaultServlet is not write-enabled, even for a case-insensitive file system (Reference: https://tomcat.apache.org/tomcat-9.0-doc/default -servlet.html). Given this, am I correct in understanding that this vulnerability should not affect default Tomcat installations? I appreciate your guidance and look forward to your response. Kind regards Thiru
