Related Vulnerabilities: CVE-2023-24998  

a packaged renamed copy of Apache Commons FileUpload packaged in tomcat was vulnerable to denial of service triggered by a malicious upload or series of uploads

Severity Medium

Remote Yes

Type Denial of service

Description

a packaged renamed copy of Apache Commons FileUpload packaged in tomcat was vulnerable to denial of service triggered by a malicious upload or series of uploads

AVG-2831 tomcat8 8.5.84-1 8.5.85-1 Medium Fixed

AVG-2830 tomcat9 9.0.70-1 9.0.71-1 Medium Fixed

AVG-2829 tomcat10 10.1.4-1 10.1.5-1 Medium Fixed

https://seclists.org/oss-sec/2023/q1/108

source does not specify severity (yet) but DoS is usually medium so I'm putting medium here