Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core

ID GHSA-5Q99-F34M-67GC
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:04


When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.