VulnerableCode Package Details - pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-1npy-8ft8-v3c4 Aliases: CVE-2024-9823 GHSA-j26w-f9rq-mr2q	Eclipse Jetty has a denial of service vulnerability on DosFilter	9.4.56-1 Affected by 0 other vulnerabilities. 9.4.57-0+deb12u1 Affected by 0 other vulnerabilities. 9.4.57-1 Affected by 0 other vulnerabilities.
VCID-297f-wcds-aqcw Aliases: CVE-2024-6762 GHSA-r7m4-f9h5-gr79	Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks	9.4.57-0+deb12u1 Affected by 0 other vulnerabilities. 9.4.57-1 Affected by 0 other vulnerabilities.
VCID-8d2b-qrs3-7fgg Aliases: CVE-2024-8184 GHSA-g8m5-722r-8whq	Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks	9.4.56-1 Affected by 0 other vulnerabilities. 9.4.57-0+deb12u1 Affected by 0 other vulnerabilities. 9.4.57-1 Affected by 0 other vulnerabilities.
VCID-juk7-qcef-zyer Aliases: CVE-2024-13009 GHSA-q4rv-gq96-w7c5	UNSUPPORTED WHEN ASSIGNED GzipHandler causes part of request body to be seen as request body of a separate request In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.	9.4.57-0+deb12u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1npy-8ft8-v3c4
Aliases:
CVE-2024-9823
GHSA-j26w-f9rq-mr2q

Eclipse Jetty has a denial of service vulnerability on DosFilter

9.4.56-1
Affected by 0 other vulnerabilities.

9.4.57-0+deb12u1
Affected by 0 other vulnerabilities.

9.4.57-1
Affected by 0 other vulnerabilities.

VCID-297f-wcds-aqcw
Aliases:
CVE-2024-6762
GHSA-r7m4-f9h5-gr79

Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks

9.4.57-0+deb12u1
Affected by 0 other vulnerabilities.

9.4.57-1
Affected by 0 other vulnerabilities.

VCID-8d2b-qrs3-7fgg
Aliases:
CVE-2024-8184
GHSA-g8m5-722r-8whq

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

9.4.56-1
Affected by 0 other vulnerabilities.

9.4.57-0+deb12u1
Affected by 0 other vulnerabilities.

9.4.57-1
Affected by 0 other vulnerabilities.

VCID-juk7-qcef-zyer
Aliases:
CVE-2024-13009
GHSA-q4rv-gq96-w7c5

**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

9.4.57-0+deb12u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1pjh-3upb-aaaq	HTTP/2 HPACK integer overflow and buffer allocation	CVE-2023-36478 GHSA-wgh7-54f2-x98r
VCID-3mq7-x8eg-aaaa	Buffer not correctly recycled in Gzip Request inflation	CVE-2020-27218 GHSA-86wm-rrjm-8wh8
VCID-6y3x-kyj7-aaaf	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.	CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013
VCID-ggqc-qjf8-aaad	Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.	CVE-2024-22201 GHSA-rggv-cv7r-mw98

Vulnerability

Summary

Aliases

VCID-1pjh-3upb-aaaq

HTTP/2 HPACK integer overflow and buffer allocation

CVE-2023-36478
GHSA-wgh7-54f2-x98r

VCID-3mq7-x8eg-aaaa

Buffer not correctly recycled in Gzip Request inflation

CVE-2020-27218
GHSA-86wm-rrjm-8wh8

VCID-6y3x-kyj7-aaaf

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013

VCID-ggqc-qjf8-aaad

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

CVE-2024-22201
GHSA-rggv-cv7r-mw98

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T21:55:34.916075+00:00	Debian Importer	Affected by	VCID-juk7-qcef-zyer	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T20:35:09.955493+00:00	Debian Importer	Affected by	VCID-1npy-8ft8-v3c4	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T19:15:51.990915+00:00	Debian Oval Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T17:42:31.400630+00:00	Debian Oval Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:01:39.788446+00:00	Debian Oval Importer	Fixing	VCID-3mq7-x8eg-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:20:58.434495+00:00	Debian Oval Importer	Fixing	VCID-1pjh-3upb-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:57:41.397334+00:00	Debian Importer	Affected by	VCID-8d2b-qrs3-7fgg	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-08T11:44:38.574447+00:00	Debian Oval Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:15:43.869871+00:00	Debian Oval Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:55:02.701487+00:00	Debian Oval Importer	Fixing	VCID-3mq7-x8eg-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:15:30.032810+00:00	Debian Oval Importer	Fixing	VCID-1pjh-3upb-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-05-18T03:08:01.749280+00:00	Debian Importer	Affected by	VCID-juk7-qcef-zyer	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-13T03:26:54.090612+00:00	Debian Oval Importer	Affected by	VCID-8d2b-qrs3-7fgg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T03:26:10.691289+00:00	Debian Oval Importer	Affected by	VCID-1npy-8ft8-v3c4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T03:25:02.445162+00:00	Debian Oval Importer	Affected by	VCID-297f-wcds-aqcw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:13:53.559529+00:00	Debian Oval Importer	Fixing	VCID-ggqc-qjf8-aaad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T23:08:33.032113+00:00	Debian Oval Importer	Fixing	VCID-ggqc-qjf8-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-12T20:00:32.245391+00:00	Debian Oval Importer	Fixing	VCID-1pjh-3upb-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:29:31.939616+00:00	Debian Oval Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T15:56:33.968148+00:00	Debian Oval Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T06:27:28.353570+00:00	Debian Oval Importer	Fixing	VCID-3mq7-x8eg-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:47:43.438852+00:00	Debian Oval Importer	Fixing	VCID-1pjh-3upb-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-05T16:39:18.416810+00:00	Debian Importer	Affected by	VCID-1npy-8ft8-v3c4	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T09:30:25.114047+00:00	Debian Importer	Affected by	VCID-8d2b-qrs3-7fgg	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-22T06:40:14.460551+00:00	Debian Importer	Affected by	VCID-1npy-8ft8-v3c4	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-22T06:26:01.141599+00:00	Debian Importer	Affected by	VCID-8d2b-qrs3-7fgg	https://security-tracker.debian.org/tracker/data/json	35.1.0