Package details: pkg:maven/org.eclipse.jetty/jetty-server@9.4.55
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.55
Tags Ghost
Next non-vulnerable version 9.4.57.v20241219
Latest non-vulnerable version 12.1.6
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gq93-ctd4-aqbp
Aliases:
CVE-2024-8184
GHSA-g8m5-722r-8whq
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

### Impact
A remote DoS attack can cause an out-of-memory condition.

### Description
There exists a security vulnerability in Jetty's `ThreadLimitHandler.getRemote()` which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

### Affected Versions
* Jetty 12.0.0-12.0.8 (Supported)
* Jetty 11.0.0-11.0.23 (EOL)
* Jetty 10.0.0-10.0.23 (EOL)
* Jetty 9.3.12-9.4.55 (EOL)

### Patched Versions
* Jetty 12.0.9
* Jetty 11.0.24
* Jetty 10.0.24
* Jetty 9.4.56

### Workarounds
Do not use `ThreadLimitHandler`. Consider use of `QoSHandler` instead to artificially limit resource utilization.

### References
Jetty 12 - https://github.com/jetty/jetty.project/pull/11723
9.4.56
Affected by 1 other vulnerability.
10.0.24
Affected by 0 other vulnerabilities.
11.0.24
Affected by 0 other vulnerabilities.
12.0.9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:06:41.145173+00:00 GHSA Importer Affected by VCID-gq93-ctd4-aqbp https://github.com/advisories/GHSA-g8m5-722r-8whq 38.0.0