Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/jetty9@9.4.31-1?distro=trixie

Type deb

Namespace debian

Name jetty9

Version 9.4.31-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.4.33-1

Latest_non_vulnerable_version 9.4.58-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-sw3q-jzqx-dkbn

vulnerability_id VCID-sw3q-jzqx-dkbn

summary

Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17638.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17638

reference_id

reference_type

scores

value	0.30928
scoring_system	epss
scoring_elements	0.9675
published_at	2026-04-26T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96748
published_at	2026-04-24T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96749
published_at	2026-04-21T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96746
published_at	2026-04-18T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96705
published_at	2026-04-01T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96715
published_at	2026-04-02T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96717
published_at	2026-04-04T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96742
published_at	2026-04-16T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96736
published_at	2026-04-13T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96733
published_at	2026-04-12T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.9673
published_at	2026-04-09T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96721
published_at	2026-04-07T12:55:00Z

value	0.30928
scoring_system	epss
scoring_elements	0.96729
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17638

reference_url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17638
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17638

reference_url

https://github.com/eclipse/jetty.project/commit/ff8ae56fa939c3477a0cdd1ff56ce3d902f08fba

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/commit/ff8ae56fa939c3477a0cdd1ff56ce3d902f08fba

reference_url

https://github.com/eclipse/jetty.project/issues/4936

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/issues/4936

reference_url

https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-17638

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-17638

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-575561

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-575561

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

http://www.openwall.com/lists/oss-security/2020/08/17/1

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/08/17/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1864680
reference_id	1864680
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1864680

reference_url

https://github.com/advisories/GHSA-x3rh-m7vp-35f2

reference_id

GHSA-x3rh-m7vp-35f2

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x3rh-m7vp-35f2

reference_url	https://access.redhat.com/errata/RHSA-2020:3808
reference_id	RHSA-2020:3808
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3808

reference_url	https://access.redhat.com/errata/RHSA-2020:3841
reference_id	RHSA-2020:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3841

reference_url	https://access.redhat.com/errata/RHSA-2020:4220
reference_id	RHSA-2020:4220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4220

reference_url	https://access.redhat.com/errata/RHSA-2020:4223
reference_id	RHSA-2020:4223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4223

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

fixed_packages

url	pkg:deb/debian/jetty9@9.4.31-1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.31-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.31-1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie

aliases CVE-2019-17638, GHSA-x3rh-m7vp-35f2

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw3q-jzqx-dkbn

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.31-1%3Fdistro=trixie

Package Instance