diff --git a/advisories/github-reviewed/2026/04/GHSA-8mc5-53m5-3qj2/GHSA-8mc5-53m5-3qj2.json b/advisories/github-reviewed/2026/04/GHSA-8mc5-53m5-3qj2/GHSA-8mc5-53m5-3qj2.json index 46dad3f3f9e58..cffa7e5005afb 100644 --- a/advisories/github-reviewed/2026/04/GHSA-8mc5-53m5-3qj2/GHSA-8mc5-53m5-3qj2.json +++ b/advisories/github-reviewed/2026/04/GHSA-8mc5-53m5-3qj2/GHSA-8mc5-53m5-3qj2.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-8mc5-53m5-3qj2", - "modified": "2026-04-10T22:07:39Z", + "modified": "2026-04-10T22:07:42Z", "published": "2026-04-09T21:31:29Z", "aliases": [ "CVE-2026-32990" @@ -9,10 +9,6 @@ "summary": "Apache Tomcat has an Improper Input Validation vulnerability", "details": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" - }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" @@ -22,7 +18,7 @@ { "package": { "ecosystem": "Maven", - "name": "org.apache.tomcat:tomcat-catalina" + "name": "org.apache.tomcat:tomcat-coyote" }, "ranges": [ { @@ -41,7 +37,7 @@ { "package": { "ecosystem": "Maven", - "name": "org.apache.tomcat:tomcat-catalina" + "name": "org.apache.tomcat:tomcat-coyote" }, "ranges": [ { @@ -60,7 +56,7 @@ { "package": { "ecosystem": "Maven", - "name": "org.apache.tomcat:tomcat-catalina" + "name": "org.apache.tomcat:tomcat-coyote" }, "ranges": [ { @@ -203,6 +199,10 @@ { "type": "WEB", "url": "https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7" + }, + { + "type": "WEB", + "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-32990" } ], "database_specific": {