Skip to content

[GHSA-7jqf-v358-p8g7] Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability#8703

Open
hara-satoshi-ymr wants to merge 1 commit into
hara-satoshi-ymr/advisory-improvement-8703from
hara-satoshi-ymr-GHSA-7jqf-v358-p8g7
Open

[GHSA-7jqf-v358-p8g7] Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability#8703
hara-satoshi-ymr wants to merge 1 commit into
hara-satoshi-ymr/advisory-improvement-8703from
hara-satoshi-ymr-GHSA-7jqf-v358-p8g7

Conversation

@hara-satoshi-ymr

Copy link
Copy Markdown

Updates

  • Affected products
  • CVSS v3

Comments
improve affected pacakges

Copilot AI review requested due to automatic review settings July 14, 2026 08:12
@github-actions github-actions Bot changed the base branch from main to hara-satoshi-ymr/advisory-improvement-8703 July 14, 2026 08:13

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the Apache Tomcat vulnerability advisory metadata.

Changes:

  • Removes CVSS v3 severity data.
  • Removes affected tomcat-embed-core ranges.
  • Advances the modification timestamp.
Comments suppressed due to low confidence (1)

advisories/github-reviewed/2024/11/GHSA-7jqf-v358-p8g7/GHSA-7jqf-v358-p8g7.json:15

  • The Apache CNA still publishes this CVSS v3.1 vector (8.6/High) for CVE-2024-38286. Removing it discards authoritative severity data rather than updating it, while this schema and the prior record support retaining v3 alongside v4. Please restore the v3 entry.
    {
      "type": "CVSS_V4",
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"
    }

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants