CVE-2024-52318

CWE-326CWE-79Cross-site Scripting (XSS)7 documents6 sources
Severity
6.1MEDIUM
EPSS
15.5%
top 5.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache TomcatApache Tomcat
Timeline
PublishedNov 18

Description

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

Mavenorg.apache.tomcat:tomcat-jasper11.0.011.0.1+2
NVDapache/tomcat10.1.31, 11.0.0, 9.0.96+2
CVEListV5apache_software_foundation/apache_tomcat10.1.31, 11.0.0, 9.0.96+2
Debiantomcat10< 10.1.33-1+1

🔴Vulnerability Details

4
OSV
Apache Tomcat - XSS in generated JSPs2024-11-18
GHSA
Apache Tomcat - XSS in generated JSPs2024-11-18
CVEList
Apache Tomcat: Incorrect JSP tag recycling leads to XSS2024-11-18
OSV
CVE-2024-52318: Incorrect object recycling and reuse vulnerability in Apache Tomcat2024-11-18

📋Vendor Advisories

2
Red Hat
tomcat: incorrect JSP tag recycling leads to XSS2024-11-18
Debian
CVE-2024-52318: tomcat10 - Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue...2024
CVE-2024-52318 (MEDIUM CVSS 6.1) | Incorrect object recycling and reus | cvebase.io