CVE-2021-42340

Missing Release of Resource after Effective Lifetime in maven/org.apache.tomcat/tomcat

Identifiers

CVE-2021-42340

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Missing Release of Resource after Effective Lifetime

Description

tomcat is vulnerable to a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Affected Versions

All versions starting from 8.5.60 before 8.5.72, all versions starting from 9.0.4 before 9.0.54, all versions starting from 10.0.0 up to 10.0.12, version 10.1.0

Solution

Upgrade to versions 8.5.72, 9.0.54, 10.1.0-M1 or above.

Last Modified

2021-10-21

source