Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb12u3?distro=trixie
Type deb
Namespace debian
Name jetty9
Version 9.4.50-4+deb12u3
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 9.4.52-1
Latest_non_vulnerable_version 9.4.58-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5qhm-ase5-5qhy
vulnerability_id VCID-5qhm-ase5-5qhy
summary
Connection leaking on idle timeout when TCP congested
### Impact
If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written.
However, it is not written because the connection is TCP congested.
When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection.

This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle.

An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.

The client may also be impacted (if the server does not read, causing TCP congestion), but the issue is more severe for servers.

### Patches
Patched versions:
* 9.4.54
* 10.0.20
* 11.0.20
* 12.0.6

### Workarounds
Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty.
HTTP/1.x is not affected.

### References
* https://github.com/jetty/jetty.project/issues/11256
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22201.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22201
reference_id
reference_type
scores
0
value 0.00559
scoring_system epss
scoring_elements 0.68263
published_at 2026-04-21T12:55:00Z
1
value 0.00559
scoring_system epss
scoring_elements 0.68283
published_at 2026-04-18T12:55:00Z
2
value 0.00559
scoring_system epss
scoring_elements 0.68272
published_at 2026-04-16T12:55:00Z
3
value 0.00559
scoring_system epss
scoring_elements 0.68232
published_at 2026-04-13T12:55:00Z
4
value 0.00559
scoring_system epss
scoring_elements 0.68265
published_at 2026-04-12T12:55:00Z
5
value 0.00559
scoring_system epss
scoring_elements 0.68278
published_at 2026-04-11T12:55:00Z
6
value 0.00559
scoring_system epss
scoring_elements 0.68238
published_at 2026-04-08T12:55:00Z
7
value 0.00559
scoring_system epss
scoring_elements 0.68253
published_at 2026-04-09T12:55:00Z
8
value 0.00559
scoring_system epss
scoring_elements 0.68192
published_at 2026-04-02T12:55:00Z
9
value 0.00559
scoring_system epss
scoring_elements 0.6821
published_at 2026-04-04T12:55:00Z
10
value 0.00559
scoring_system epss
scoring_elements 0.68187
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22201
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188
6
reference_url https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810
7
reference_url https://github.com/jetty/jetty.project/issues/11256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://github.com/jetty/jetty.project/issues/11256
8
reference_url https://github.com/jetty/jetty.project/issues/11259
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/issues/11259
9
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
10
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22201
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22201
12
reference_url https://security.netapp.com/advisory/ntap-20240329-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240329-0001
13
reference_url http://www.openwall.com/lists/oss-security/2024/03/20/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url http://www.openwall.com/lists/oss-security/2024/03/20/2
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923
reference_id 1064923
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266136
reference_id 2266136
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266136
16
reference_url https://github.com/advisories/GHSA-rggv-cv7r-mw98
reference_id GHSA-rggv-cv7r-mw98
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rggv-cv7r-mw98
17
reference_url https://security.netapp.com/advisory/ntap-20240329-0001/
reference_id ntap-20240329-0001
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://security.netapp.com/advisory/ntap-20240329-0001/
18
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
19
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
20
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
21
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
fixed_packages
0
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb12u3%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.54-1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
aliases CVE-2024-22201, GHSA-rggv-cv7r-mw98
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhm-ase5-5qhy
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb12u3%3Fdistro=trixie