Snyk-Fix: Incorrect Authorization in tomcat-embed-core (CVE-2026-24734) #1

Open: meysholdt wants to merge 1 commit into main from snyk-fix/SNYK-JAVA-ORGAPACHETOMCATEMBED-15307822
@meysholdt meysholdt commented Mar 15, 2026

Snyk Vulnerability

| Field | Value |
| --- | --- |
| Scan Type | SCA |
| Vulnerability | SNYK-JAVA-ORGAPACHETOMCATEMBED-15307822 |
| Severity | High (CVSS 4.0: 8.7) |
| File | pom.xml |
| Title | Incorrect Authorization — OCSP response verification bypass |

What changed

Upgraded spring-boot-starter-parent from 4.0.1 to 4.0.3, which pulls in tomcat-embed-core@11.0.18 (previously 11.0.15) and resolves CVE-2026-24734.

Verification

  • ./mvnw compile -B -q — clean compilation, no errors.
  • ./mvnw test -B — 59 tests run, 0 failures, 0 errors, 0 skipped. BUILD SUCCESS.

meysholdt force-pushed the snyk-fix/SNYK-JAVA-ORGAPACHETOMCATEMBED-15307822 branch from 30c31eb to dd9900e (March 15, 2026 04:11)

meysholdt changed the title from "Snyk-Fix: Upgrade Spring Boot to resolve tomcat-embed-core Incorrect Authorization (CVE-2026-24734)" to "Snyk-Fix: Upgrade tomcat-embed-core to 11.0.18" (Mar 15, 2026)

…2026-24734

Upgrades transitive dependency tomcat-embed-core from 11.0.15 to
11.0.18, fixing Incorrect Authorization in OCSP response verification.

Co-authored-by: Ona <no-reply@ona.com>

meysholdt force-pushed the snyk-fix/SNYK-JAVA-ORGAPACHETOMCATEMBED-15307822 branch from dd9900e to f1b9d1a (March 15, 2026 04:37)

meysholdt changed the title from "Snyk-Fix: Upgrade tomcat-embed-core to 11.0.18" to "Snyk-Fix: Incorrect Authorization in tomcat-embed-core (CVE-2026-24734)" (Mar 15, 2026)
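
A check a reviewer could run to confirm that the parent bump actually changed the resolved transitive version (an added example, not part of this pull request or the project's code). It parses `dependency:tree` text; the sample trees are constructed, the helper names are hypothetical, and the 11.0.18 threshold is the version this PR states as the fix, applied only to plain 11.0.x versions.

```python
import re

ARTIFACT = "org.apache.tomcat.embed:tomcat-embed-core"
FIXED = (11, 0, 18)  # from the PR text: the version that resolves CVE-2026-24734

# group:artifact:type:version:scope as printed by `mvn dependency:tree`
COORD = re.compile(re.escape(ARTIFACT) + r":[\w-]+:(?P<version>[^:\s]+):(?P<scope>\w+)")

# Constructed sample output (not taken from the PR), before and after the parent bump.
TREE_BEFORE = """\
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-tomcat:jar:4.0.1:compile
[INFO] |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:11.0.15:compile
[INFO] |  \\- org.apache.tomcat.embed:tomcat-embed-el:jar:11.0.15:compile
"""
TREE_AFTER = TREE_BEFORE.replace("4.0.1", "4.0.3").replace("11.0.15", "11.0.18")

def resolved_versions(tree_text):
    """Return every (version, scope) of tomcat-embed-core found in the tree output."""
    return [(m["version"], m["scope"]) for m in COORD.finditer(tree_text)]

def classify(version):
    """'patched' or 'below-fix' for plain 11.0.x versions, 'review' for anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m or (int(m[1]), int(m[2])) != FIXED[:2]:
        return "review"  # other release line or qualifier: the PR names no fixed version for it
    return "patched" if int(m[3]) >= FIXED[2] else "below-fix"

def gate(tree_text):
    """Pass only if the artifact is present and every resolved copy is patched (fails closed)."""
    found = resolved_versions(tree_text)
    return bool(found) and all(classify(v) == "patched" for v, _ in found)

if __name__ == "__main__":
    for name, tree in (("before", TREE_BEFORE), ("after", TREE_AFTER)):
        print(name, [(v, classify(v)) for v, _ in resolved_versions(tree)], "gate:", gate(tree))
```

Feed it real output from `./mvnw dependency:tree -Dincludes=org.apache.tomcat.embed:tomcat-embed-core`; a pinned `tomcat.version` property or an explicit dependency override elsewhere in the build can keep the old version resolved despite the parent upgrade.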