Apache Tomcat from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98 is vulnerable to Path Equivalence which can lead to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet.
