Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
Typemaven
Namespaceorg.eclipse.jetty
Namejetty-server
Version9.4.40.v20210413
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.57.v20241219
Latest_non_vulnerable_version12.1.6
Affected_by_vulnerabilities
0
url VCID-3vps-uq7s-nfb7
vulnerability_id VCID-3vps-uq7s-nfb7
summary 
Improper Handling of Length Parameter Inconsistency
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40167.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40167
reference_id
reference_type
scores
0
value 0.04575
scoring_system epss
scoring_elements 0.89416
published_at 2026-06-07T12:55:00Z
1
value 0.04575
scoring_system epss
scoring_elements 0.89418
published_at 2026-06-05T12:55:00Z
2
value 0.04575
scoring_system epss
scoring_elements 0.89417
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
9
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
10
reference_url https://www.debian.org/security/2023/dsa-5507
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://www.debian.org/security/2023/dsa-5507
11
reference_url https://www.rfc-editor.org/rfc/rfc9110#section-8.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://www.rfc-editor.org/rfc/rfc9110#section-8.6
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2239634
reference_id 2239634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2239634
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40167
reference_id CVE-2023-40167
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40167
14
reference_url https://github.com/advisories/GHSA-hmr7-m48g-48f6
reference_id GHSA-hmr7-m48g-48f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmr7-m48g-48f6
15
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
reference_id GHSA-hmr7-m48g-48f6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
16
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
17
reference_url https://access.redhat.com/errata/RHSA-2023:5780
reference_id RHSA-2023:5780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5780
18
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
19
reference_url https://access.redhat.com/errata/RHSA-2023:7247
reference_id RHSA-2023:7247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7247
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
22
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
23
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.52.v20230823
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.52.v20230823
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jktf-sads-m7ca
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.52.v20230823
1
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.16
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.16
2
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.16
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.16
3
url pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
purl pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
aliases CVE-2023-40167, GHSA-hmr7-m48g-48f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vps-uq7s-nfb7
1
url VCID-bq5u-wuuv-m7au
vulnerability_id VCID-bq5u-wuuv-m7au
summary 
False positive
This vulnerability has been marked as a false positive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26048.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26048
reference_id
reference_type
scores
0
value 0.43407
scoring_system epss
scoring_elements 0.97582
published_at 2026-06-07T12:55:00Z
1
value 0.43407
scoring_system epss
scoring_elements 0.97577
published_at 2026-06-04T12:55:00Z
2
value 0.43407
scoring_system epss
scoring_elements 0.97581
published_at 2026-06-05T12:55:00Z
3
value 0.43407
scoring_system epss
scoring_elements 0.97583
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
9
reference_url https://github.com/eclipse/jetty.project/issues/9076
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://github.com/eclipse/jetty.project/issues/9076
10
reference_url https://github.com/eclipse/jetty.project/pull/9344
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://github.com/eclipse/jetty.project/pull/9344
11
reference_url https://github.com/eclipse/jetty.project/pull/9345
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://github.com/eclipse/jetty.project/pull/9345
12
reference_url https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
13
reference_url https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload
14
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
15
reference_url https://security.netapp.com/advisory/ntap-20230526-0001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230526-0001
16
reference_url https://www.debian.org/security/2023/dsa-5507
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://www.debian.org/security/2023/dsa-5507
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236340
reference_id 2236340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236340
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26048
reference_id CVE-2023-26048
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26048
19
reference_url https://github.com/advisories/GHSA-qw69-rqj8-6qw8
reference_id GHSA-qw69-rqj8-6qw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qw69-rqj8-6qw8
20
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
reference_id GHSA-qw69-rqj8-6qw8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
21
reference_url https://security.netapp.com/advisory/ntap-20230526-0001/
reference_id ntap-20230526-0001
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/
url https://security.netapp.com/advisory/ntap-20230526-0001/
22
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
23
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
24
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
25
reference_url https://access.redhat.com/errata/RHSA-2024:3385
reference_id RHSA-2024:3385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3385
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-jktf-sads-m7ca
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217
1
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.14
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.14
2
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.14
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.14
aliases CVE-2023-26048, GHSA-qw69-rqj8-6qw8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq5u-wuuv-m7au
2
url VCID-gua7-n9ne-t3hk
vulnerability_id VCID-gua7-n9ne-t3hk
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26049
reference_id
reference_type
scores
0
value 0.00403
scoring_system epss
scoring_elements 0.61274
published_at 2026-06-07T12:55:00Z
1
value 0.00403
scoring_system epss
scoring_elements 0.61231
published_at 2026-06-04T12:55:00Z
2
value 0.00403
scoring_system epss
scoring_elements 0.61279
published_at 2026-06-05T12:55:00Z
3
value 0.00403
scoring_system epss
scoring_elements 0.61287
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26049
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
9
reference_url https://github.com/eclipse/jetty.project/pull/9339
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/pull/9339
10
reference_url https://github.com/eclipse/jetty.project/pull/9352
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/pull/9352
11
reference_url https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
12
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
13
reference_url https://security.netapp.com/advisory/ntap-20230526-0001
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230526-0001
14
reference_url https://www.debian.org/security/2023/dsa-5507
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5507
15
reference_url https://www.rfc-editor.org/rfc/rfc2965
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc2965
16
reference_url https://www.rfc-editor.org/rfc/rfc6265
reference_id
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc6265
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236341
reference_id 2236341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236341
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26049
reference_id CVE-2023-26049
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26049
19
reference_url https://github.com/advisories/GHSA-p26g-97m4-6q7c
reference_id GHSA-p26g-97m4-6q7c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p26g-97m4-6q7c
20
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
reference_id GHSA-p26g-97m4-6q7c
reference_type
scores
0
value 2.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
21
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
22
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
23
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
24
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
25
reference_url https://access.redhat.com/errata/RHSA-2024:3385
reference_id RHSA-2024:3385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3385
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-jktf-sads-m7ca
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.51.v20230217
1
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.14
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.14
2
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.14
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.14
3
url pkg:maven/org.eclipse.jetty/jetty-server@12.0.0.beta0
purl pkg:maven/org.eclipse.jetty/jetty-server@12.0.0.beta0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@12.0.0.beta0
4
url pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
purl pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
aliases CVE-2023-26049, GHSA-p26g-97m4-6q7c
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gua7-n9ne-t3hk
3
url VCID-jktf-sads-m7ca
vulnerability_id VCID-jktf-sads-m7ca
summary 
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13009.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-13009
reference_id
reference_type
scores
0
value 0.00554
scoring_system epss
scoring_elements 0.68471
published_at 2026-06-07T12:55:00Z
1
value 0.00554
scoring_system epss
scoring_elements 0.6847
published_at 2026-06-05T12:55:00Z
2
value 0.00554
scoring_system epss
scoring_elements 0.68478
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-13009
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13009
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://gitlab.eclipse.org/security/cve-assignement/-/issues/48
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:55:32Z/
url https://gitlab.eclipse.org/security/cve-assignement/-/issues/48
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2365135
reference_id 2365135
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2365135
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-13009
reference_id CVE-2024-13009
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-13009
8
reference_url https://github.com/advisories/GHSA-q4rv-gq96-w7c5
reference_id GHSA-q4rv-gq96-w7c5
reference_type
scores
url https://github.com/advisories/GHSA-q4rv-gq96-w7c5
9
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5
reference_id GHSA-q4rv-gq96-w7c5
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:55:32Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5
10
reference_url https://access.redhat.com/errata/RHSA-2025:15643
reference_id RHSA-2025:15643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15643
11
reference_url https://access.redhat.com/errata/RHSA-2025:9697
reference_id RHSA-2025:9697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9697
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.57.v20241219
aliases CVE-2024-13009, GHSA-q4rv-gq96-w7c5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jktf-sads-m7ca
Fixing_vulnerabilities
0
url VCID-9an6-1me1-97fc
vulnerability_id VCID-9an6-1me1-97fc
summary 
Insufficient Session Expiration
If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34428
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53027
published_at 2026-06-07T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52979
published_at 2026-06-04T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.53047
published_at 2026-06-06T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53039
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34428
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
11
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
12
reference_url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
18
reference_url https://security.netapp.com/advisory/ntap-20210813-0003
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210813-0003
19
reference_url https://security.netapp.com/advisory/ntap-20210813-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210813-0003/
20
reference_url https://www.debian.org/security/2021/dsa-4949
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4949
21
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
22
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
23
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1974891
reference_id 1974891
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1974891
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
reference_id 990578
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34428
reference_id CVE-2021-34428
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-34428
27
reference_url https://github.com/advisories/GHSA-m6cp-vxjx-65j6
reference_id GHSA-m6cp-vxjx-65j6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6cp-vxjx-65j6
28
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
29
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
30
reference_url https://access.redhat.com/errata/RHSA-2021:3758
reference_id RHSA-2021:3758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3758
31
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
32
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-bq5u-wuuv-m7au
2
vulnerability VCID-gua7-n9ne-t3hk
3
vulnerability VCID-jktf-sads-m7ca
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
1
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.41
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.41
2
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-bq5u-wuuv-m7au
2
vulnerability VCID-gua7-n9ne-t3hk
3
vulnerability VCID-qkch-1wc4-4yd1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
3
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vps-uq7s-nfb7
1
vulnerability VCID-bq5u-wuuv-m7au
2
vulnerability VCID-gua7-n9ne-t3hk
3
vulnerability VCID-qkch-1wc4-4yd1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
aliases CVE-2021-34428, GHSA-m6cp-vxjx-65j6
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9an6-1me1-97fc
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413