ROOT-APP-MAVEN-CVE-2023-24998

See a problem?
Please try reporting it to the source first.

Source

https://root.io/security/ROOT-APP-MAVEN-CVE-2023-24998

Import Source

https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2023-24998.json

JSON Data

https://api.test.osv.dev/v1/vulns/ROOT-APP-MAVEN-CVE-2023-24998

Upstream

CVE-2023-24998

Published

2026-06-17T15:30:14Z

Modified

2026-06-17T18:30:12.568634546Z

Summary

CVE-2023-24998 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Details

Root has patched CVE-2023-24998 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available.

Database specific

{
    "source": "Root",
    "severity": "HIGH",
    "distro_version": "",
    "distro": "maven"
}

References

Affected packages

Root:Maven

io.root.org.apache.tomcat.embed:tomcat-embed-core

Package

Name: io.root.org.apache.tomcat.embed:tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.39-root.io.2

Fixed

9.0.39-root.io.3

Fixed

9.0.63-root.io.1

Fixed

9.0.39-root.io.4

Database specific

all_fixed_versions

[
    "9.0.39-root.io.2",
    "9.0.39-root.io.3",
    "9.0.63-root.io.1",
    "9.0.39-root.io.4"
]

upstream_version

"9.0.39"

total_fixed_versions

4.0

source

"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2023-24998.json"

root_patch_version

"root.io.4"

root_patched

true

org.apache.tomcat.embed:tomcat-embed-core

Package

Name: org.apache.tomcat.embed:tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.39-aikido.4

Database specific

all_fixed_versions

[
    "9.0.39-aikido.4"
]

upstream_version

"9.0.39-aikido.4"

source

"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2023-24998.json"

total_fixed_versions

1.0

root_patch_version

""

root_patched

true

io.root.commons-fileupload:commons-fileupload

Package

Name: io.root.commons-fileupload:commons-fileupload

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5-root.io.1

Fixed

1.5-root.io.2

Database specific

root_patched

true

upstream_version

"1.5"

total_fixed_versions

2.0

source

"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2023-24998.json"

root_patch_version

"root.io.2"

all_fixed_versions

[
    "1.5-root.io.1",
    "1.5-root.io.2"
]

commons-fileupload:commons-fileupload

Package

Name: commons-fileupload:commons-fileupload

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5-aikido.2

Database specific

all_fixed_versions

[
    "1.5-aikido.2"
]

upstream_version

"1.5-aikido.2"

total_fixed_versions

1.0

source

"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2023-24998.json"

root_patch_version

""

root_patched

true