Vulnerabilities in Tomcat version 9.0.65 in Docker base image

Issue date: 18-07-2023
Affects versions: 15.2, 15.1, 14.7, 13.4

Security Issue ID



Affected Product Version(s)

15.2.1, 15.1.4, 14.7.13, 13.4.22 and previous releases.




CVE-2022-45143


The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

The container image tomcat:9-jdk11-openjdk-slim uses the vulnerable Tomcat version 9.0.65.
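To check a Tomcat version string against the affected ranges listed above, a small classifier can be used. This is an added example, not part of the original advisory; the function names are illustrative and the sample strings are constructed.

```python
import re

# Sorts a release build after any milestone (-Mn) build of the same number.
RELEASE = 10**6

# Affected ranges as stated in the advisory for CVE-2022-45143, inclusive.
# Tuples are (major, minor, patch, milestone).
AFFECTED_RANGES = [
    ((8, 5, 83, RELEASE), (8, 5, 83, RELEASE)),   # 8.5.83
    ((9, 0, 40, RELEASE), (9, 0, 68, RELEASE)),   # 9.0.40 to 9.0.68
    ((10, 1, 0, 1), (10, 1, 1, RELEASE)),         # 10.1.0-M1 to 10.1.1
]

# Accepts "9.0.65", "Apache Tomcat/9.0.65", "9.0.65.0" and "10.1.0-M1".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-M(\d+))?")


def parse_tomcat_version(text):
    """Return (major, minor, patch, milestone) found in text, or raise ValueError."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no full Tomcat version in {text!r}")
    major, minor, patch = (int(match.group(i)) for i in (1, 2, 3))
    milestone = int(match.group(4)) if match.group(4) else RELEASE
    return (major, minor, patch, milestone)


def is_affected(text):
    """True if the version in text falls inside a range listed in the advisory."""
    version = parse_tomcat_version(text)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inputs, in the formats Tomcat's version report uses.
    samples = ["Server version: Apache Tomcat/9.0.65", "Server number:  9.0.65.0",
               "10.1.0-M1", "9.0.39"]
    for sample in samples:
        print(f"{sample!r}: affected={is_affected(sample)}")
    # An image tag such as the one named in the advisory carries no patch level,
    # so the version has to be read from the Tomcat installation in the image.
    try:
        is_affected("tomcat:9-jdk11-openjdk-slim")
    except ValueError as err:
        print(err)
```

The version string can be taken from the output of `catalina.sh version` run inside the container.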


Customers are recommended to upgrade to the latest version. As of the time of writing, these are 15.2.3, 14.7.14 and 13.4.23.