Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

org.apache.tomcat.embed:tomcat-embed-core 11.0.2

Back to all
Package Version

org.apache.tomcat.embed:tomcat-embed-core 11.0.2

Github Repository

Package Version Scores

Overall
0
/10
Security
3
Activity
7
Popularity
0
Quality
8
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
67d1c188d397ef4927e92655
CVEs Fixed
C
0
H
8
+813
-196

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
CVE-2025-24813
High
Apache Tomcat Denial of Service via invalid HTTP priority header
CVE-2025-31650
High
Apache Tomcat - CGI security constraint bypass
CVE-2025-46701
High
Apache Tomcat - DoS in multipart upload
CVE-2025-48988
High
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
CVE-2025-52520
High
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
CVE-2025-53506
High
Apache Tomcat Improper Resource Shutdown or Release vulnerability
CVE-2025-48989
High
Apache Tomcat Vulnerable to Relative Path Traversal
CVE-2025-55752
High

Get the Patch Instantly Without Upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
January 19, 2026
LINES OF CODE CHANGED
+813
-196
-
on latest patch
License
Patch Available

Get the Patch Instantly

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "First Major Version Milestone Achieved",
"description": "The package has reached version 1.0.0, this is a sign of maturity",
"category": "code quality",
"type": "upscore"
},
{
"title": "Older Versions are Maintained",
"description": "The package keeps creating updates to earlier version trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Frequent Versions",
"description": "The package has frequent version creation, this is a sign of a commitment to maintaining and supporting the codebase",
"category": "activity",
"type": "upscore"
},
{
"title": "Unfixed High Severity Vulnerabilities",
"description": "Unfixed high severity vulnerabilities discovered in a repository indicate an elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Unfixed Low Severity Vulnerabilities",
"description": "Unfixed low severity vulnerabilities discovered in a repository indicate a somewhat elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Unfixed Medium Severity Vulnerabilities",
"description": "Unfixed medium severity vulnerabilities discovered in a repository indicate a somewhat elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Too Many Vulnerabilities",
"description": "A high number of vulnerabilities discovered in a repository indicates an elevated security risk and potentially systematic security issues with this codebase. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "High Ratio of High Fix Priority Vulnerabilities",
"description": "A high fraction of high fix priority vulnerabilities among the discovered vulnerabilities indicates an elevated security risk and that the repository needs immediate maintenance. A vulnerability is considered high priority based on our analysis. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
}
]
}