[GHSA-8mc5-53m5-3qj2] Apache Tomcat has an Improper Input Validation vulnerability

advisories/github-reviewed/2026/04/GHSA-8mc5-53m5-3qj2/GHSA-8mc5-53m5-3qj2.json

@@ -1,18 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8mc5-53m5-3qj2",
-  "modified": "2026-04-10T22:07:39Z",
+  "modified": "2026-04-10T22:07:42Z",
   "published": "2026-04-09T21:31:29Z",
   "aliases": [
     "CVE-2026-32990"
   ],
   "summary": "Apache Tomcat has an Improper Input Validation vulnerability",
   "details": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
@@ -22,7 +18,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat-coyote"
       },
       "ranges": [
         {
@@ -41,7 +37,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat-coyote"
       },
       "ranges": [
         {
@@ -60,7 +56,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat-coyote"
       },
       "ranges": [
         {
@@ -203,6 +199,10 @@
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-32990"
     }
   ],
   "database_specific": {