
Commit abe74dc

committed
1 parent 13e40d1 commit abe74dc


1 file changed

+36
-17
lines changed


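--- a/advisories/github-reviewed/2026/04/GHSA-h468-7pvh-8vr8/GHSA-h468-7pvh-8vr8.json
+++ b/advisories/github-reviewed/2026/04/GHSA-h468-7pvh-8vr8/GHSA-h468-7pvh-8vr8.json
@@ -1,18 +1,14 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h468-7pvh-8vr8",
-"modified": "2026-04-10T21:32:09Z",
+"modified": "2026-04-10T21:32:12Z",
 "published": "2026-04-09T21:31:29Z",
 "aliases": [
 "CVE-2026-29146"
 ],
 "summary": "Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor",
 "details": "Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
 "severity": [
-{
-"type": "CVSS_V3",
-"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
-},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
@@ -22,7 +18,7 @@
 {
 "package": {
 "ecosystem": "Maven",
-"name": "org.apache.tomcat:tomcat-catalina"
+"name": "org.apache.tomcat:tomcat-tribes"
 },
 "ranges": [
 {
@@ -41,7 +37,7 @@
 {
 "package": {
 "ecosystem": "Maven",
-"name": "org.apache.tomcat:tomcat-catalina"
+"name": "org.apache.tomcat:tomcat-tribes"
 },
 "ranges": [
 {
@@ -60,7 +56,7 @@
 {
 "package": {
 "ecosystem": "Maven",
-"name": "org.apache.tomcat:tomcat-catalina"
+"name": "org.apache.tomcat:tomcat-tribes"
 },
 "ranges": [
 {
@@ -136,17 +132,17 @@
 {
 "package": {
 "ecosystem": "Maven",
-"name": "org.apache.tomcat.embed:tomcat-embed-core"
+"name": "org.apache.tomcat:tomcat"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
-"introduced": "9.0.13"
+"introduced": "8.5.38"
 },
 {
-"fixed": "9.0.116"
+"last_affected": "8.5.100"
 }
 ]
 }
@@ -155,17 +151,17 @@
 {
 "package": {
 "ecosystem": "Maven",
-"name": "org.apache.tomcat.embed:tomcat-embed-core"
+"name": "org.apache.tomcat:tomcat"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
-"introduced": "10.1.50"
+"introduced": "7.0.100"
 },
 {
-"fixed": "10.1.53"
+"last_affected": "7.0.109"
 }
 ]
 }
@@ -174,17 +170,36 @@
 {
 "package": {
 "ecosystem": "Maven",
-"name": "org.apache.tomcat.embed:tomcat-embed-core"
+"name": "org.apache.tomcat:tomcat-tribes"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
-"introduced": "11.0.0-M1"
+"introduced": "8.5.38"
 },
 {
-"fixed": "11.0.19"
+"last_affected": "8.5.100"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Maven",
+"name": "org.apache.tomcat:tomcat-tribes"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "7.0.100"
+},
+{
+"last_affected": "7.0.109"
 }
 ]
 }
@@ -204,6 +219,10 @@
 "type": "WEB",
 "url": "https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"
 },
+{
+"type": "WEB",
+"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-29146"
+},
 {
 "type": "WEB",
 "url": "http://www.openwall.com/lists/oss-security/2026/04/09/24"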
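Review bot: The `details` string on new line 10 still gives the 9.0.x range as `from 9.0.13 through 9..115`, which is not a valid version. Since the same sentence names 9.0.116 as the fix, the bound is presumably `9.0.115`, and the phrase should read `from 9.0.13 through 9.0.115`. That text also recommends upgrades only for 11.0.x, 10.1.x and 9.0.x, while the ranges added in the hunks at new lines 132, 151 and 170 close 8.5.38–8.5.100 and 7.0.100–7.0.109 with `last_affected` and no `fixed` event. Anyone triaging from this record therefore gets no remediation version for the 8.5 and 7.0 branches and has to treat them as unpatched. If the description is mirrored verbatim from the CVE record, the correction probably has to be made upstream.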
