Package details: pkg:maven/org.eclipse.jetty/jetty-servlets@12.0.3
purl pkg:maven/org.eclipse.jetty/jetty-servlets@12.0.3
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 1.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1ejr-3tea-kydr
Aliases:
CVE-2024-6762
GHSA-r7m4-f9h5-gr79
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks

### Impact
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

### Patches
* https://github.com/jetty/jetty.project/pull/9715
* https://github.com/jetty/jetty.project/pull/9716

### Workarounds
The session usage is intrinsic to the design of the PushCacheFilter. The issue can be avoided by:
+ not using the PushCacheFilter. Push has been deprecated by the various IETF specs and early hints responses should be used instead.
+ reducing the idle timeout on unauthenticated sessions, which will reduce the time such sessions stay in memory.
+ configuring a session cache to use [session passivation](https://jetty.org/docs/jetty/12/programming-guide/server/session.html), so that sessions are not stored in memory, but rather in a database or file system that may have significantly more capacity than memory.

### References
* https://github.com/jetty/jetty.project/pull/10756
* https://github.com/jetty/jetty.project/pull/10755
12.0.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:06:41.033845+00:00 GHSA Importer Affected by VCID-1ejr-3tea-kydr https://github.com/advisories/GHSA-r7m4-f9h5-gr79 38.0.0