Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.eclipse.jetty/jetty-server@9.4.40
Typemaven
Namespaceorg.eclipse.jetty
Namejetty-server
Version9.4.40
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.57.v20241219
Latest_non_vulnerable_version12.1.6
Affected_by_vulnerabilities
0
url VCID-q35p-8qhp-aqec
vulnerability_id VCID-q35p-8qhp-aqec
summary 
SessionListener can prevent a session from being invalidated breaking logout
### Impact
If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager.   On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated.  This can result in an application used on a shared computer being left logged in.

There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception.    The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out.  If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out.

### Workarounds
The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34428
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50479
published_at 2026-04-29T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50483
published_at 2026-05-09T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50453
published_at 2026-05-07T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50544
published_at 2026-05-14T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.5057
published_at 2026-04-21T12:55:00Z
5
value 0.00271
scoring_system epss
scoring_elements 0.50524
published_at 2026-04-26T12:55:00Z
6
value 0.00271
scoring_system epss
scoring_elements 0.50516
published_at 2026-04-24T12:55:00Z
7
value 0.00271
scoring_system epss
scoring_elements 0.50468
published_at 2026-05-12T12:55:00Z
8
value 0.00271
scoring_system epss
scoring_elements 0.504
published_at 2026-05-05T12:55:00Z
9
value 0.00271
scoring_system epss
scoring_elements 0.50437
published_at 2026-05-11T12:55:00Z
10
value 0.00669
scoring_system epss
scoring_elements 0.71344
published_at 2026-04-16T12:55:00Z
11
value 0.00669
scoring_system epss
scoring_elements 0.7126
published_at 2026-04-02T12:55:00Z
12
value 0.00669
scoring_system epss
scoring_elements 0.71252
published_at 2026-04-07T12:55:00Z
13
value 0.00669
scoring_system epss
scoring_elements 0.71278
published_at 2026-04-04T12:55:00Z
14
value 0.00669
scoring_system epss
scoring_elements 0.71294
published_at 2026-04-08T12:55:00Z
15
value 0.00669
scoring_system epss
scoring_elements 0.71308
published_at 2026-04-09T12:55:00Z
16
value 0.00669
scoring_system epss
scoring_elements 0.7133
published_at 2026-04-11T12:55:00Z
17
value 0.00669
scoring_system epss
scoring_elements 0.71314
published_at 2026-04-12T12:55:00Z
18
value 0.00669
scoring_system epss
scoring_elements 0.71298
published_at 2026-04-13T12:55:00Z
19
value 0.00669
scoring_system epss
scoring_elements 0.7135
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34428
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
11
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
12
reference_url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34428
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-34428
19
reference_url https://security.netapp.com/advisory/ntap-20210813-0003
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210813-0003
20
reference_url https://security.netapp.com/advisory/ntap-20210813-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210813-0003/
21
reference_url https://www.debian.org/security/2021/dsa-4949
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4949
22
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
23
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
24
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1974891
reference_id 1974891
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1974891
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
reference_id 990578
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
27
reference_url https://github.com/advisories/GHSA-m6cp-vxjx-65j6
reference_id GHSA-m6cp-vxjx-65j6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6cp-vxjx-65j6
28
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
29
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
30
reference_url https://access.redhat.com/errata/RHSA-2021:3758
reference_id RHSA-2021:3758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3758
31
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
32
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-kx4x-gnk4-yugu
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413
1
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.41
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.41
2
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
3
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
aliases CVE-2021-34428, GHSA-m6cp-vxjx-65j6
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q35p-8qhp-aqec
Fixing_vulnerabilities
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.40