An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.debian.org/security/2018/dsa-4281
https://usn.ubuntu.com/3723-1/
https://support.f5.com/csp/article/K73008537?utm_source=f5support&%3Butm_medium=RSS
https://security.netapp.com/advisory/ntap-20180817-0001/
https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html
https://access.redhat.com/errata/RHSA-2018:3768
https://access.redhat.com/errata/RHSA-2018:2945
https://access.redhat.com/errata/RHSA-2018:2939
https://access.redhat.com/errata/RHSA-2018:2930
https://access.redhat.com/errata/RHSA-2018:2921
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2701
https://access.redhat.com/errata/RHSA-2018:2700
https://access.redhat.com/errata/RHEA-2018:2189
https://access.redhat.com/errata/RHEA-2018:2188
http://www.securitytracker.com/id/1041375