[GHSA-59g9-7gfx-c72p] Infinite loop in Tomcat due to parsing error #7664
Pull request overview
Updates the GHSA advisory record for GHSA-59g9-7gfx-c72p / CVE-2021-41079 to refine which Maven artifacts/coordinates are marked as affected by the Tomcat infinite-loop (DoS) issue.
Changes:
- Updates the advisory `modified` timestamp.
- Expands the `affected` list to include additional Tomcat Maven artifacts (`tomcat-embed-core`, `tomcat-coyote`) across 8.5.x / 9.0.x / 10.0.x ranges.
| { | ||
| "introduced": "9.0.0" | ||
| }, | ||
| { | ||
| "fixed": "9.0.44" |
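Review bot: the lower bound `"introduced": "9.0.0"` at the top of this range leaves out any pre-release builds of the 9.0 line that sort before 9.0.0. Check the upstream advisory for whether those builds are affected and, if they are, start the range at the earliest affected version.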
Aligned with the existing entries in this advisory.
| { | ||
| "introduced": "10.0.0" | ||
| }, | ||
| { | ||
| "fixed": "10.0.4" |
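Review bot: `"fixed": "10.0.4"` closes this range, but the lines shown give no source for treating 10.0.4 as the first fixed release of the newly listed artifact. Add a reference in the PR description (upstream release note or fixing commit) showing that the affected parsing code ships in that artifact, so the range rests on evidence and not only on matching the other entries.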
Aligned with the existing entries in this advisory.
| { | ||
| "introduced": "9.0.0" | ||
| }, | ||
| { | ||
| "fixed": "9.0.44" |
Aligned with the existing entries in this advisory.
| { | ||
| "introduced": "10.0.0" | ||
| }, | ||
| { | ||
| "fixed": "10.0.4" |
Aligned with the existing entries in this advisory.
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the

Friendly bump to avoid auto-close. Could a maintainer take a look when you have a chance?

Could you explain how you determined org.apache.tomcat:tomcat-coyote is affected?
improve affected packages