CVE-2024-34750 not reported on org.apache.tomcat.embed:tomcat-embed-core on ossindex

I noticed CVE-2024-34750 is correctly reported on org.apache.tomcat:tomcat (, but it is not reported on tomcat-embed-core Maven - org.apache.tomcat.embed/tomcat-embed-core - Sonatype OSS Index, while a significant number of tools are reporting it on this package.
I am wondering if CVE is not impacting tomcat embed and other tools are wrong or the oppposite, there is an issue on OSSIndex and this package should be flag as vulnerable ?