Skip to content

[SECURITY] - org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.70 has security vulnerabilities, CVE-2025-48989 #4985

New issue
New issue
Closed
Closed
[SECURITY] - org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.70 has security vulnerabilities, CVE-2025-48989#4985
Labels
bug
@qinlonglong123

Description

@qinlonglong123
qinlonglong123
opened on Oct 21, 2025

Steps to Reproduce

See:
https://nvd.nist.gov/vuln/detail/CVE-2025-48989
GHSA-gqp3-2cvr-x8m3

Expected Behavior

upgrade org.apache.tomcat.embed:tomcat-embed-core,rg.apache.tomcat.embed:tomcat-embed-el and org.apache.tomcat.embed:tomcat-embed-websocket:jar from 9.0.108

Servicecomb Version

2.8.24

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions