Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/jetty9@9.4.39-2?distro=trixie
Typedeb
Namespacedebian
Namejetty9
Version9.4.39-2
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version9.4.39-3
Latest_non_vulnerable_version9.4.58-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-g3ff-brt6-vkeh
vulnerability_id VCID-g3ff-brt6-vkeh
summary 
Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check.

### Impact
This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3.

### Workarounds

If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28169.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28169
reference_id
reference_type
scores
0
value 0.9026
scoring_system epss
scoring_elements 0.99599
published_at 2026-04-21T12:55:00Z
1
value 0.9026
scoring_system epss
scoring_elements 0.99597
published_at 2026-04-18T12:55:00Z
2
value 0.9026
scoring_system epss
scoring_elements 0.99596
published_at 2026-04-13T12:55:00Z
3
value 0.9026
scoring_system epss
scoring_elements 0.99592
published_at 2026-04-01T12:55:00Z
4
value 0.9026
scoring_system epss
scoring_elements 0.99595
published_at 2026-04-07T12:55:00Z
5
value 0.9026
scoring_system epss
scoring_elements 0.99594
published_at 2026-04-04T12:55:00Z
6
value 0.9026
scoring_system epss
scoring_elements 0.99593
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28169
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
11
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq
12
reference_url https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168@%3Cjira.kafka.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b@%3Cdev.kafka.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140@%3Cjira.kafka.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r29678972c3f8164b151fd7a5802785d402e530c09870a82ffc7681a4@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r29678972c3f8164b151fd7a5802785d402e530c09870a82ffc7681a4@%3Cdev.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3@%3Cissues.zookeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5@%3Cdev.zookeeper.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r91e34ff61aff8fd25a3f2a21539597c6ef7589a31c199b0a9546477c@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r91e34ff61aff8fd25a3f2a21539597c6ef7589a31c199b0a9546477c@%3Cjira.kafka.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25@%3Cjira.kafka.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rd5b52362f5edf98e0dcab6541a381f571cccc05ad9188e793af688f3@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd5b52362f5edf98e0dcab6541a381f571cccc05ad9188e793af688f3@%3Cjira.kafka.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171@%3Cissues.zookeeper.apache.org%3E
29
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00017.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00017.html
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28169
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28169
31
reference_url https://security.netapp.com/advisory/ntap-20210727-0009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210727-0009
32
reference_url https://security.netapp.com/advisory/ntap-20210727-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210727-0009/
33
reference_url https://www.debian.org/security/2021/dsa-4949
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4949
34
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
35
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
36
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1971016
reference_id 1971016
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1971016
38
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989999
reference_id 989999
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989999
39
reference_url https://github.com/advisories/GHSA-gwcr-j4wh-j3cq
reference_id GHSA-gwcr-j4wh-j3cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwcr-j4wh-j3cq
40
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
41
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
42
reference_url https://access.redhat.com/errata/RHSA-2021:3758
reference_id RHSA-2021:3758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3758
43
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
44
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
45
reference_url https://access.redhat.com/errata/RHSA-2022:7257
reference_id RHSA-2022:7257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7257
fixed_packages
0
url pkg:deb/debian/jetty9@9.4.39-2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.39-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.39-2%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
aliases CVE-2021-28169, GHSA-gwcr-j4wh-j3cq
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3ff-brt6-vkeh
1
url VCID-q35p-8qhp-aqec
vulnerability_id VCID-q35p-8qhp-aqec
summary 
SessionListener can prevent a session from being invalidated breaking logout
### Impact
If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager.   On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated.  This can result in an application used on a shared computer being left logged in.

There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception.    The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out.  If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out.

### Workarounds
The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34428
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.5057
published_at 2026-04-21T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71344
published_at 2026-04-16T12:55:00Z
2
value 0.00669
scoring_system epss
scoring_elements 0.71298
published_at 2026-04-13T12:55:00Z
3
value 0.00669
scoring_system epss
scoring_elements 0.71314
published_at 2026-04-12T12:55:00Z
4
value 0.00669
scoring_system epss
scoring_elements 0.7133
published_at 2026-04-11T12:55:00Z
5
value 0.00669
scoring_system epss
scoring_elements 0.71308
published_at 2026-04-09T12:55:00Z
6
value 0.00669
scoring_system epss
scoring_elements 0.71294
published_at 2026-04-08T12:55:00Z
7
value 0.00669
scoring_system epss
scoring_elements 0.71252
published_at 2026-04-07T12:55:00Z
8
value 0.00669
scoring_system epss
scoring_elements 0.7135
published_at 2026-04-18T12:55:00Z
9
value 0.00669
scoring_system epss
scoring_elements 0.71278
published_at 2026-04-04T12:55:00Z
10
value 0.00669
scoring_system epss
scoring_elements 0.7126
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34428
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
11
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
12
reference_url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34428
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-34428
19
reference_url https://security.netapp.com/advisory/ntap-20210813-0003
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210813-0003
20
reference_url https://security.netapp.com/advisory/ntap-20210813-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210813-0003/
21
reference_url https://www.debian.org/security/2021/dsa-4949
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4949
22
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
23
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
24
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1974891
reference_id 1974891
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1974891
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
reference_id 990578
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
27
reference_url https://github.com/advisories/GHSA-m6cp-vxjx-65j6
reference_id GHSA-m6cp-vxjx-65j6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6cp-vxjx-65j6
28
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
29
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
30
reference_url https://access.redhat.com/errata/RHSA-2021:3758
reference_id RHSA-2021:3758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3758
31
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
32
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
fixed_packages
0
url pkg:deb/debian/jetty9@9.4.39-2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.39-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.39-2%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
aliases CVE-2021-34428, GHSA-m6cp-vxjx-65j6
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q35p-8qhp-aqec
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.39-2%3Fdistro=trixie