Improve GHSA-653p-vg55-5652

Author: yusuke-koyoshi

advisories/github-reviewed/2024/12/GHSA-653p-vg55-5652/GHSA-653p-vg55-5652.json

@@ -1,28 +1,24 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-653p-vg55-5652",
-  "modified": "2025-11-03T21:31:45Z",
+  "modified": "2025-11-03T21:32:47Z",
   "published": "2024-12-17T15:31:43Z",
   "aliases": [
     "CVE-2024-54677"
   ],
   "summary": "Apache Tomcat Uncontrolled Resource Consumption vulnerability",
-  "details": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
+  "details": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\n\nMitigation: This vulnerability does not affect core Apache Tomcat server components (tomcat-catalina, tomcat-coyote, tomcat-embed-core, etc.). Removing the `webapps/examples/` directory in production environments — as recommended by the Apache Tomcat Security Considerations documentation (https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html) — eliminates the attack surface entirely.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
-    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat"
       },
       "ranges": [
         {
@@ -41,7 +37,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat"
       },
       "ranges": [
         {
@@ -60,7 +56,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat"
       },
       "ranges": [
         {
@@ -79,7 +75,7 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.apache.tomcat:tomcat-catalina"
+        "name": "org.apache.tomcat:tomcat"
       },
       "ranges": [
         {