Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.10

Type maven

Namespace org.eclipse.jetty

Name jetty-server

Version 10.0.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 10.0.16

Latest_non_vulnerable_version 12.1.6

Affected_by_vulnerabilities

url VCID-3vps-uq7s-nfb7

vulnerability_id VCID-3vps-uq7s-nfb7

summary

Improper Handling of Length Parameter Inconsistency
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40167.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40167

reference_id

reference_type

scores

value	0.04575
scoring_system	epss
scoring_elements	0.89418
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/eclipse/jetty.project

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_url

https://www.debian.org/security/2023/dsa-5507

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/

url

https://www.debian.org/security/2023/dsa-5507

reference_url

https://www.rfc-editor.org/rfc/rfc9110#section-8.6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/

url

https://www.rfc-editor.org/rfc/rfc9110#section-8.6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2239634
reference_id	2239634
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2239634

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40167

reference_id

CVE-2023-40167

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40167

reference_url	https://github.com/advisories/GHSA-hmr7-m48g-48f6
reference_id	GHSA-hmr7-m48g-48f6
reference_type
scores
url	https://github.com/advisories/GHSA-hmr7-m48g-48f6

reference_url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6

reference_id

GHSA-hmr7-m48g-48f6

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:49:57Z/

url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6

reference_url	https://access.redhat.com/errata/RHSA-2023:5441
reference_id	RHSA-2023:5441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5441

reference_url	https://access.redhat.com/errata/RHSA-2023:5780
reference_id	RHSA-2023:5780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5780

reference_url	https://access.redhat.com/errata/RHSA-2023:5946
reference_id	RHSA-2023:5946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5946

reference_url	https://access.redhat.com/errata/RHSA-2023:7247
reference_id	RHSA-2023:7247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7247

reference_url	https://access.redhat.com/errata/RHSA-2023:7678
reference_id	RHSA-2023:7678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7678

reference_url	https://access.redhat.com/errata/RHSA-2023:7697
reference_id	RHSA-2023:7697
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7697

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:0797
reference_id	RHSA-2024:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0797

fixed_packages

url	pkg:maven/org.eclipse.jetty/jetty-server@10.0.16
purl	pkg:maven/org.eclipse.jetty/jetty-server@10.0.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.16

url	pkg:maven/org.eclipse.jetty/jetty-server@11.0.16
purl	pkg:maven/org.eclipse.jetty/jetty-server@11.0.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.16

url	pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
purl	pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@12.0.1

aliases CVE-2023-40167, GHSA-hmr7-m48g-48f6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vps-uq7s-nfb7

url VCID-bq5u-wuuv-m7au

vulnerability_id VCID-bq5u-wuuv-m7au

summary

False positive
This vulnerability has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26048.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26048

reference_id

reference_type

scores

value	0.43407
scoring_system	epss
scoring_elements	0.97581
published_at	2026-06-05T12:55:00Z

value	0.43407
scoring_system	epss
scoring_elements	0.97577
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/eclipse/jetty.project

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project

reference_url

https://github.com/eclipse/jetty.project/issues/9076

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/issues/9076

reference_url

https://github.com/eclipse/jetty.project/pull/9344

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/pull/9344

reference_url

https://github.com/eclipse/jetty.project/pull/9345

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/pull/9345

reference_url

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217

reference_url

https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_url

https://security.netapp.com/advisory/ntap-20230526-0001

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230526-0001

reference_url

https://www.debian.org/security/2023/dsa-5507

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://www.debian.org/security/2023/dsa-5507

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2236340
reference_id	2236340
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2236340

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26048

reference_id

CVE-2023-26048

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26048

reference_url	https://github.com/advisories/GHSA-qw69-rqj8-6qw8
reference_id	GHSA-qw69-rqj8-6qw8
reference_type
scores
url	https://github.com/advisories/GHSA-qw69-rqj8-6qw8

reference_url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8

reference_id

GHSA-qw69-rqj8-6qw8

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8

reference_url

https://security.netapp.com/advisory/ntap-20230526-0001/

reference_id

ntap-20230526-0001

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://security.netapp.com/advisory/ntap-20230526-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:5165
reference_id	RHSA-2023:5165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5165

reference_url	https://access.redhat.com/errata/RHSA-2023:5441
reference_id	RHSA-2023:5441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5441

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:3385
reference_id	RHSA-2024:3385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3385

fixed_packages

url pkg:maven/org.eclipse.jetty/jetty-server@10.0.14

purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vps-uq7s-nfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.14

url pkg:maven/org.eclipse.jetty/jetty-server@11.0.14

purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vps-uq7s-nfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.14

aliases CVE-2023-26048, GHSA-qw69-rqj8-6qw8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq5u-wuuv-m7au

url VCID-gua7-n9ne-t3hk

vulnerability_id VCID-gua7-n9ne-t3hk

summary

Exposure of Sensitive Information to an Unauthorized Actor
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26049

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.61279
published_at	2026-06-05T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.61231
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/eclipse/jetty.project

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project

reference_url

https://github.com/eclipse/jetty.project/pull/9339

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/pull/9339

reference_url

https://github.com/eclipse/jetty.project/pull/9352

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/pull/9352

reference_url

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_url

https://security.netapp.com/advisory/ntap-20230526-0001

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230526-0001

reference_url

https://www.debian.org/security/2023/dsa-5507

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5507

reference_url

https://www.rfc-editor.org/rfc/rfc2965

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.rfc-editor.org/rfc/rfc2965

reference_url

https://www.rfc-editor.org/rfc/rfc6265

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.rfc-editor.org/rfc/rfc6265

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2236341
reference_id	2236341
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2236341

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26049

reference_id

CVE-2023-26049

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26049

reference_url	https://github.com/advisories/GHSA-p26g-97m4-6q7c
reference_id	GHSA-p26g-97m4-6q7c
reference_type
scores
url	https://github.com/advisories/GHSA-p26g-97m4-6q7c

reference_url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c

reference_id

GHSA-p26g-97m4-6q7c

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c

reference_url	https://access.redhat.com/errata/RHSA-2023:5165
reference_id	RHSA-2023:5165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5165

reference_url	https://access.redhat.com/errata/RHSA-2023:5441
reference_id	RHSA-2023:5441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5441

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:0797
reference_id	RHSA-2024:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0797

reference_url	https://access.redhat.com/errata/RHSA-2024:3385
reference_id	RHSA-2024:3385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3385

fixed_packages

url pkg:maven/org.eclipse.jetty/jetty-server@10.0.14

purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vps-uq7s-nfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.14

url pkg:maven/org.eclipse.jetty/jetty-server@11.0.14

purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vps-uq7s-nfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.14

url	pkg:maven/org.eclipse.jetty/jetty-server@12.0.0.beta0
purl	pkg:maven/org.eclipse.jetty/jetty-server@12.0.0.beta0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@12.0.0.beta0

url	pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
purl	pkg:maven/org.eclipse.jetty/jetty-server@12.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@12.0.1

aliases CVE-2023-26049, GHSA-p26g-97m4-6q7c

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gua7-n9ne-t3hk

Fixing_vulnerabilities

url VCID-qkch-1wc4-4yd1

vulnerability_id VCID-qkch-1wc4-4yd1

summary In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2191.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2191.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2191

reference_id

reference_type

scores

value	0.01719
scoring_system	epss
scoring_elements	0.82758
published_at	2026-06-05T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82733
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2191

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/eclipse/jetty.project

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project

reference_url

https://github.com/eclipse/jetty.project/issues/8161

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/issues/8161

reference_url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2191

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2191

reference_url

https://security.netapp.com/advisory/ntap-20220909-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220909-0003

reference_url	https://security.netapp.com/advisory/ntap-20220909-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220909-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2116953
reference_id	2116953
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2116953

reference_url

https://github.com/advisories/GHSA-8mpp-f3f7-xc28

reference_id

GHSA-8mpp-f3f7-xc28

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mpp-f3f7-xc28

reference_url	https://access.redhat.com/errata/RHSA-2023:0189
reference_id	RHSA-2023:0189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0189

fixed_packages

url pkg:maven/org.eclipse.jetty/jetty-server@10.0.10

purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-gua7-n9ne-t3hk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.10

url pkg:maven/org.eclipse.jetty/jetty-server@11.0.10

purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-gua7-n9ne-t3hk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.10

aliases CVE-2022-2191, GHSA-8mpp-f3f7-xc28

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkch-1wc4-4yd1

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.10

Package Instance