Affecting org.apache.tomcat:tomcat-catalina artifact, versions [7.0.23, 7.0.91) || [8.5.0, 8.5.34) || [9.0.0, 9.0.12)
org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.
Affected versions of this package are vulnerable to Open Redirect. When the default servlet returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
org.apache.tomcat:tomcat-catalina to version 7.0.91, 8.5.34, 9.0.12 or higher.