​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-vhqv-jhjv-679r

Published

Last updated

https://images.chainguard.dev/security/CGA-vhqv-jhjv-679r
Package

spark-3.5.0-compat

Latest Update
Fixed
Fixed Version

3.5.0-r2

Aliases
  • CVE-2021-25122
  • GHSA-j39c-c8hj-x4j3

Severity

7.5

High

CVSS V3

Summary

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Description

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation