Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.eclipse.jetty/jetty-http@10.0.10
Type maven
Namespace org.eclipse.jetty
Name jetty-http
Version 10.0.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 12.0.33
Latest_non_vulnerable_version 12.1.7
Affected_by_vulnerabilities
0
url VCID-3vps-uq7s-nfb7
vulnerability_id VCID-3vps-uq7s-nfb7
summary
Improper Handling of Length Parameter Inconsistency
Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40167.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40167
reference_id
reference_type
scores
0
value 0.04575
scoring_system epss
scoring_elements 0.89418
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
9
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
10
reference_url https://www.debian.org/security/2023/dsa-5507
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://www.debian.org/security/2023/dsa-5507
11
reference_url https://www.rfc-editor.org/rfc/rfc9110#section-8.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://www.rfc-editor.org/rfc/rfc9110#section-8.6
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2239634
reference_id 2239634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2239634
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40167
reference_id CVE-2023-40167
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40167
14
reference_url https://github.com/advisories/GHSA-hmr7-m48g-48f6
reference_id GHSA-hmr7-m48g-48f6
reference_type
scores
url https://github.com/advisories/GHSA-hmr7-m48g-48f6
15
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
reference_id GHSA-hmr7-m48g-48f6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
16
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
17
reference_url https://access.redhat.com/errata/RHSA-2023:5780
reference_id RHSA-2023:5780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5780
18
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
19
reference_url https://access.redhat.com/errata/RHSA-2023:7247
reference_id RHSA-2023:7247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7247
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
22
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
23
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-http@10.0.16
purl pkg:maven/org.eclipse.jetty/jetty-http@10.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
1
vulnerability VCID-vktz-4e9u-kbau
2
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@10.0.16
1
url pkg:maven/org.eclipse.jetty/jetty-http@11.0.16
purl pkg:maven/org.eclipse.jetty/jetty-http@11.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
1
vulnerability VCID-vktz-4e9u-kbau
2
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@11.0.16
2
url pkg:maven/org.eclipse.jetty/jetty-http@12.0.1
purl pkg:maven/org.eclipse.jetty/jetty-http@12.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
1
vulnerability VCID-vktz-4e9u-kbau
2
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.0.1
aliases CVE-2023-40167, GHSA-hmr7-m48g-48f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vps-uq7s-nfb7
1
url VCID-d4rq-1udu-wqbu
vulnerability_id VCID-d4rq-1udu-wqbu
summary
Eclipse Jetty URI parsing of invalid authority
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, `HttpURI`, for URI/URL parsing.

The `HttpURI` class does insufficient validation on the authority segment of a URI. However, the behaviour of `HttpURI` differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, `HttpURI` and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6763.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6763.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6763
reference_id
reference_type
scores
0
value 0.01189
scoring_system epss
scoring_elements 0.79185
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6763
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6763
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/jetty/jetty.project/pull/12012
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:44:14Z/
url https://github.com/jetty/jetty.project/pull/12012
6
reference_url https://gitlab.eclipse.org/security/cve-assignement/-/issues/25
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:44:14Z/
url https://gitlab.eclipse.org/security/cve-assignement/-/issues/25
7
reference_url https://security.netapp.com/advisory/ntap-20250306-0005
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250306-0005
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085698
reference_id 1085698
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085698
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318563
reference_id 2318563
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318563
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6763
reference_id CVE-2024-6763
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6763
11
reference_url https://github.com/advisories/GHSA-qh8g-58pp-2wxh
reference_id GHSA-qh8g-58pp-2wxh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh8g-58pp-2wxh
12
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh
reference_id GHSA-qh8g-58pp-2wxh
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:44:14Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-http@12.0.12
purl pkg:maven/org.eclipse.jetty/jetty-http@12.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vktz-4e9u-kbau
1
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.0.12
aliases CVE-2024-6763, GHSA-qh8g-58pp-2wxh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4rq-1udu-wqbu
2
url VCID-vktz-4e9u-kbau
vulnerability_id VCID-vktz-4e9u-kbau
summary org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2332.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2332.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2332
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05994
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2332
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2332
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2332
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T13:06:34Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf
6
reference_url https://gitlab.eclipse.org/security/cve-assignment/-/issues/89
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T13:06:34Z/
url https://gitlab.eclipse.org/security/cve-assignment/-/issues/89
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2332
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2332
8
reference_url https://w4ke.info/2025/06/18/funky-chunks.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://w4ke.info/2025/06/18/funky-chunks.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458187
reference_id 2458187
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458187
10
reference_url https://github.com/advisories/GHSA-355h-qmc2-wpwf
reference_id GHSA-355h-qmc2-wpwf
reference_type
scores
url https://github.com/advisories/GHSA-355h-qmc2-wpwf
11
reference_url https://access.redhat.com/errata/RHSA-2026:10175
reference_id RHSA-2026:10175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10175
12
reference_url https://access.redhat.com/errata/RHSA-2026:14272
reference_id RHSA-2026:14272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14272
13
reference_url https://access.redhat.com/errata/RHSA-2026:17668
reference_id RHSA-2026:17668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17668
14
reference_url https://access.redhat.com/errata/RHSA-2026:20568
reference_id RHSA-2026:20568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20568
15
reference_url https://access.redhat.com/errata/RHSA-2026:21773
reference_id RHSA-2026:21773
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21773
16
reference_url https://access.redhat.com/errata/RHSA-2026:22453
reference_id RHSA-2026:22453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22453
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-http@11.0.0-alpha0
purl pkg:maven/org.eclipse.jetty/jetty-http@11.0.0-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@11.0.0-alpha0
1
url pkg:maven/org.eclipse.jetty/jetty-http@12.0.0.alpha0
purl pkg:maven/org.eclipse.jetty/jetty-http@12.0.0.alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.0.0.alpha0
2
url pkg:maven/org.eclipse.jetty/jetty-http@12.0.33
purl pkg:maven/org.eclipse.jetty/jetty-http@12.0.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.0.33
3
url pkg:maven/org.eclipse.jetty/jetty-http@12.1.7
purl pkg:maven/org.eclipse.jetty/jetty-http@12.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.1.7
aliases CVE-2026-2332, GHSA-355h-qmc2-wpwf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vktz-4e9u-kbau
3
url VCID-xc3w-axe8-ukb9
vulnerability_id VCID-xc3w-axe8-ukb9
summary
org.eclipse.jetty:jetty-http has different parsing of invalid URIs
The Jetty URI parser has some key differences compared to other common parsers when evaluating invalid or unusual URIs. Specifically:
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11143.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11143
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34687
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11143
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11143
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11143
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/user-attachments/files/22222625/Java.Eclipse.Jetty.Report_.Incorrect.Parsing.Priority.of.the.IPv6.Hostname.Delimeter.pdf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/user-attachments/files/22222625/Java.Eclipse.Jetty.Report_.Incorrect.Parsing.Priority.of.the.IPv6.Hostname.Delimeter.pdf
6
reference_url https://github.com/user-attachments/files/22222626/Java.Eclipse.Jetty.Report_.The.Parsing.Priority.of.the.Delimiter.pdf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/user-attachments/files/22222626/Java.Eclipse.Jetty.Report_.The.Parsing.Priority.of.the.Delimiter.pdf
7
reference_url https://github.com/user-attachments/files/22222627/Java.Eclipse.Jetty.Report_.Parsing.Difference.Due.to.Deformed.Scheme.pdf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/user-attachments/files/22222627/Java.Eclipse.Jetty.Report_.Parsing.Difference.Due.to.Deformed.Scheme.pdf
8
reference_url https://github.com/user-attachments/files/22222630/Java.Eclipse.Jetty.Report_.Improper.IPv4-mapped.IPv6.Parsing.pdf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/user-attachments/files/22222630/Java.Eclipse.Jetty.Report_.Improper.IPv4-mapped.IPv6.Parsing.pdf
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2444808
reference_id 2444808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2444808
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11143
reference_id CVE-2025-11143
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11143
11
reference_url https://github.com/advisories/GHSA-wjpw-4j6x-6rwh
reference_id GHSA-wjpw-4j6x-6rwh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjpw-4j6x-6rwh
12
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
reference_id GHSA-wjpw-4j6x-6rwh
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-05T14:48:27Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
13
reference_url https://access.redhat.com/errata/RHSA-2026:21773
reference_id RHSA-2026:21773
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21773
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-http@11.0.0-alpha0
purl pkg:maven/org.eclipse.jetty/jetty-http@11.0.0-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@11.0.0-alpha0
1
url pkg:maven/org.eclipse.jetty/jetty-http@12.0.0.alpha0
purl pkg:maven/org.eclipse.jetty/jetty-http@12.0.0.alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4rq-1udu-wqbu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.0.0.alpha0
2
url pkg:maven/org.eclipse.jetty/jetty-http@12.0.31
purl pkg:maven/org.eclipse.jetty/jetty-http@12.0.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vktz-4e9u-kbau
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.0.31
3
url pkg:maven/org.eclipse.jetty/jetty-http@12.1.5
purl pkg:maven/org.eclipse.jetty/jetty-http@12.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vktz-4e9u-kbau
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@12.1.5
aliases CVE-2025-11143, GHSA-wjpw-4j6x-6rwh
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xc3w-axe8-ukb9
Fixing_vulnerabilities
0
url VCID-zeqx-ex43-uba2
vulnerability_id VCID-zeqx-ex43-uba2
summary In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2047.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2047.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2047
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.61141
published_at 2026-06-05T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.61093
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2047
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
6
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
7
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2047
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2047
9
reference_url https://security.netapp.com/advisory/ntap-20220901-0006
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220901-0006
10
reference_url https://security.netapp.com/advisory/ntap-20220901-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220901-0006/
11
reference_url https://www.debian.org/security/2022/dsa-5198
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5198
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2116949
reference_id 2116949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2116949
13
reference_url https://github.com/advisories/GHSA-cj7v-27pg-wf7q
reference_id GHSA-cj7v-27pg-wf7q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj7v-27pg-wf7q
14
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
15
reference_url https://access.redhat.com/errata/RHSA-2023:1661
reference_id RHSA-2023:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1661
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-http@9.4.46.v20220331
purl pkg:maven/org.eclipse.jetty/jetty-http@9.4.46.v20220331
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-d4rq-1udu-wqbu
2
vulnerability VCID-vktz-4e9u-kbau
3
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@9.4.46.v20220331
1
url pkg:maven/org.eclipse.jetty/jetty-http@9.4.47
purl pkg:maven/org.eclipse.jetty/jetty-http@9.4.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@9.4.47
2
url pkg:maven/org.eclipse.jetty/jetty-http@10.0.9
purl pkg:maven/org.eclipse.jetty/jetty-http@10.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-d4rq-1udu-wqbu
2
vulnerability VCID-vktz-4e9u-kbau
3
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@10.0.9
3
url pkg:maven/org.eclipse.jetty/jetty-http@10.0.10
purl pkg:maven/org.eclipse.jetty/jetty-http@10.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-d4rq-1udu-wqbu
2
vulnerability VCID-vktz-4e9u-kbau
3
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@10.0.10
4
url pkg:maven/org.eclipse.jetty/jetty-http@11.0.10
purl pkg:maven/org.eclipse.jetty/jetty-http@11.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-d4rq-1udu-wqbu
2
vulnerability VCID-vktz-4e9u-kbau
3
vulnerability VCID-xc3w-axe8-ukb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@11.0.10
aliases CVE-2022-2047, GHSA-cj7v-27pg-wf7q
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zeqx-ex43-uba2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@10.0.10