Package details: pkg:deb/debian/jetty9@9.4.56-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.56-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-gq93-ctd4-aqbp
Aliases: CVE-2024-8184, GHSA-g8m5-722r-8whq
Summary: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

### Impact
A remote DoS attack can cause the server to run out of memory.

### Description
There is a security vulnerability in Jetty's `ThreadLimitHandler.getRemote()` which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

### Affected Versions
* Jetty 12.0.0-12.0.8 (Supported)
* Jetty 11.0.0-11.0.23 (EOL)
* Jetty 10.0.0-10.0.23 (EOL)
* Jetty 9.3.12-9.4.55 (EOL)

### Patched Versions
* Jetty 12.0.9
* Jetty 11.0.24
* Jetty 10.0.24
* Jetty 9.4.56

### Workarounds
Do not use `ThreadLimitHandler`. Consider using `QoSHandler` instead to artificially limit resource utilization.

### References
Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T11:18:03.590512+00:00 | Debian Importer | Fixing | VCID-gq93-ctd4-aqbp | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T07:41:19.087430+00:00 | Debian Importer | Fixing | VCID-gq93-ctd4-aqbp | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:27:51.317448+00:00 | Debian Importer | Fixing | VCID-gq93-ctd4-aqbp | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |