{"url":"http://public2.vulnerablecode.io/api/packages/29358?format=json","purl":"pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.5","type":"maven","namespace":"org.eclipse.jetty.http2","name":"jetty-http2-common","version":"12.0.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"12.0.25","latest_non_vulnerable_version":"12.1.0.beta3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25511?format=json","vulnerability_id":"VCID-h7p9-tevk-akdm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5115.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5115","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.6918","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jetty/jetty.project","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project"},{"reference_url":"https://github.com/jetty/jetty.project/commit/f9ee3904788b08203ed62c95a560d951da37bdb1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/commit/f9ee3904788b08203ed62c95a560d951da37bdb1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5115","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5115"},{"reference_url":"https://www.kb.cert.org/vuls/id/767506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/767506"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/20/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/20/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/09/17/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/09/17/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111765","reference_id":"1111765","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111765"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111766","reference_id":"1111766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111766"},{"reference_url":"https://github.com/jetty/jetty.project/pull/13449","reference_id":"13449","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/pull/13449"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373310","reference_id":"2373310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373310"},{"reference_url":"https://github.com/advisories/GHSA-mmxm-8w33-wc4h","reference_id":"GHSA-mmxm-8w33-wc4h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mmxm-8w33-wc4h"},{"reference_url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h","reference_id":"GHSA-mmxm-8w33-wc4h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"},{"reference_url":"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26","reference_id":"jetty-10.0.26","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"},{"reference_url":"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26","reference_id":"jetty-11.0.26","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"},{"reference_url":"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25","reference_id":"jetty-12.0.25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"},{"reference_url":"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0","reference_id":"jetty-12.1.0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"},{"reference_url":"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814","reference_id":"jetty-9.4.58.v20250814","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-20T19:28:04Z/"}],"url":"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14911","reference_id":"RHSA-2025:14911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16454","reference_id":"RHSA-2025:16454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16455","reference_id":"RHSA-2025:16455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16456","reference_id":"RHSA-2025:16456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16457","reference_id":"RHSA-2025:16457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16459","reference_id":"RHSA-2025:16459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16460","reference_id":"RHSA-2025:16460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16461","reference_id":"RHSA-2025:16461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16462","reference_id":"RHSA-2025:16462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16989","reference_id":"RHSA-2025:16989","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17567","reference_id":"RHSA-2025:17567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17567"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377632?format=json","purl":"pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/377633?format=json","purl":"pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.1.0.beta3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.1.0.beta3"}],"aliases":["CVE-2025-5115","GHSA-mmxm-8w33-wc4h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7p9-tevk-akdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115294?format=json","vulnerability_id":"VCID-m6n7-a7a6-y3e9","summary":"In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE.\nThe Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1948","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69273","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1948"},{"reference_url":"https://github.com/jetty/jetty.project","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project"},{"reference_url":"https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb"},{"reference_url":"https://github.com/jetty/jetty.project/issues/12690","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/issues/12690"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1948","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2365137","reference_id":"2365137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2365137"},{"reference_url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/56","reference_id":"56","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:31:29Z/"}],"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"},{"reference_url":"https://github.com/advisories/GHSA-889j-63jv-qhr8","reference_id":"GHSA-889j-63jv-qhr8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-889j-63jv-qhr8"},{"reference_url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8","reference_id":"GHSA-889j-63jv-qhr8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:31:29Z/"}],"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10092","reference_id":"RHSA-2025:10092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10097","reference_id":"RHSA-2025:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10098","reference_id":"RHSA-2025:10098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10104","reference_id":"RHSA-2025:10104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10118","reference_id":"RHSA-2025:10118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10119","reference_id":"RHSA-2025:10119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10120","reference_id":"RHSA-2025:10120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13274","reference_id":"RHSA-2025:13274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7696","reference_id":"RHSA-2025:7696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378858?format=json","purl":"pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7p9-tevk-akdm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.17"}],"aliases":["CVE-2025-1948","GHSA-889j-63jv-qhr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6n7-a7a6-y3e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18225?format=json","vulnerability_id":"VCID-rjf3-qq8c-kkdv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22201.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22201","reference_id":"","reference_type":"","scores":[{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.687","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jetty/jetty.project","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project"},{"reference_url":"https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188"},{"reference_url":"https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810"},{"reference_url":"https://github.com/jetty/jetty.project/issues/11259","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/issues/11259"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240329-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240329-0001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923","reference_id":"1064923","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923"},{"reference_url":"https://github.com/jetty/jetty.project/issues/11256","reference_id":"11256","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/"}],"url":"https://github.com/jetty/jetty.project/issues/11256"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/20/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/20/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266136","reference_id":"2266136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266136"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22201","reference_id":"CVE-2024-22201","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22201"},{"reference_url":"https://github.com/advisories/GHSA-rggv-cv7r-mw98","reference_id":"GHSA-rggv-cv7r-mw98","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rggv-cv7r-mw98"},{"reference_url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98","reference_id":"GHSA-rggv-cv7r-mw98","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/"}],"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240329-0001/","reference_id":"ntap-20240329-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240329-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3634","reference_id":"RHSA-2024:3634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3635","reference_id":"RHSA-2024:3635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3636","reference_id":"RHSA-2024:3636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4597","reference_id":"RHSA-2024:4597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4873","reference_id":"RHSA-2024:4873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4884","reference_id":"RHSA-2024:4884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4884"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29359?format=json","purl":"pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7p9-tevk-akdm"},{"vulnerability":"VCID-m6n7-a7a6-y3e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.6"}],"aliases":["CVE-2024-22201","GHSA-rggv-cv7r-mw98"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjf3-qq8c-kkdv"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.http2/jetty-http2-common@12.0.5"}