CVE-2021-25329: is fixed in Tomcat 9.0.43
Hey Gemnasium Security Team,
The fixed in versions of Tomcat for CVE-2021-25329 does not include 9.0.43 which contains a fix for this issue: Fixed_in_Apache_Tomcat_9.0.43. This fixed version is showing in the NVD database https://nvd.nist.gov/vuln/detail/CVE-2021-25329.
It's impacting our team, because Spring boot is bundled with tomcat-embed-core 9.x, and doesn't support 10.x.
Thanks, Rob