DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-50379

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-50379

CGA ID

CGA-5749-245m-24vg

Severity

9.8

Critical

CVSS V3

Summary

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images