CVE-2021-42340

Severity: High
Remote: Yes
Type: Denial of service
A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Group     Package   Affected   Fixed      Severity  Status  Ticket
AVG-2471  tomcat8   8.5.71-1   8.5.72-1   High      Fixed
AVG-2470  tomcat9   9.0.53-1   9.0.54-1   High      Fixed
AVG-2469  tomcat10  10.0.11-1  10.0.12-1  High      Fixed