Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.eclipse.jetty.http2/http2-server@9.3.0.RC1
Typemaven
Namespaceorg.eclipse.jetty.http2
Namehttp2-server
Version9.3.0.RC1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.53.v20231009
Latest_non_vulnerable_version11.0.17
Affected_by_vulnerabilities
0
url VCID-dvyn-8phs-a3a6
vulnerability_id VCID-dvyn-8phs-a3a6
summary 
Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
### Description
Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread.
If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response.
If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.

### Impact
A malicious client may render the server unresponsive.

### Patches
The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10.

### Workarounds
No workaround available within Jetty itself.
One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy)

### For more information
If you have any questions or comments about this advisory:
* Email us at security@webtide.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2048
reference_id
reference_type
scores
0
value 0.01287
scoring_system epss
scoring_elements 0.79667
published_at 2026-04-18T12:55:00Z
1
value 0.01287
scoring_system epss
scoring_elements 0.79637
published_at 2026-04-13T12:55:00Z
2
value 0.01287
scoring_system epss
scoring_elements 0.79644
published_at 2026-04-12T12:55:00Z
3
value 0.01287
scoring_system epss
scoring_elements 0.7966
published_at 2026-04-11T12:55:00Z
4
value 0.01287
scoring_system epss
scoring_elements 0.79639
published_at 2026-04-09T12:55:00Z
5
value 0.01287
scoring_system epss
scoring_elements 0.79631
published_at 2026-04-08T12:55:00Z
6
value 0.01287
scoring_system epss
scoring_elements 0.79603
published_at 2026-04-07T12:55:00Z
7
value 0.01287
scoring_system epss
scoring_elements 0.79616
published_at 2026-04-04T12:55:00Z
8
value 0.01287
scoring_system epss
scoring_elements 0.79593
published_at 2026-04-02T12:55:00Z
9
value 0.01288
scoring_system epss
scoring_elements 0.79677
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
6
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
7
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2048
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2048
9
reference_url https://security.netapp.com/advisory/ntap-20220901-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220901-0006
10
reference_url https://security.netapp.com/advisory/ntap-20220901-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220901-0006/
11
reference_url https://www.debian.org/security/2022/dsa-5198
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5198
12
reference_url http://www.openwall.com/lists/oss-security/2022/09/09/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/09/09/2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2116952
reference_id 2116952
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2116952
14
reference_url https://github.com/advisories/GHSA-wgmr-mf83-7x4j
reference_id GHSA-wgmr-mf83-7x4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgmr-mf83-7x4j
15
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
16
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
17
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
18
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
19
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
0
url pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.47
purl pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.47
1
url pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.47.v20220610
purl pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.47.v20220610
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.47.v20220610
2
url pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.10
purl pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/http2-server@10.0.10
3
url pkg:maven/org.eclipse.jetty.http2/http2-server@11.0.10
purl pkg:maven/org.eclipse.jetty.http2/http2-server@11.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/http2-server@11.0.10
aliases CVE-2022-2048, GHSA-wgmr-mf83-7x4j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-8phs-a3a6
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/http2-server@9.3.0.RC1