VulnerableCode Package Details - pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.38.v20210224

Search for packages

Vulnerability	Summary	Fixed by
VCID-6y3x-kyj7-aaaf Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.	9.4.53 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.4.53.v20231009 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.0.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ggqc-qjf8-aaad Aliases: CVE-2024-22201 GHSA-rggv-cv7r-mw98	Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.	9.4.54 Affected by 0 other vulnerabilities. 9.4.54.v20240208 Affected by 0 other vulnerabilities. 10.0.20 Affected by 0 other vulnerabilities. 11.0.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6y3x-kyj7-aaaf
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

9.4.53
Affected by 1 other vulnerability.

9.4.53.v20231009
Affected by 1 other vulnerability.

10.0.17
Affected by 1 other vulnerability.

11.0.17
Affected by 1 other vulnerability.

VCID-ggqc-qjf8-aaad
Aliases:
CVE-2024-22201
GHSA-rggv-cv7r-mw98

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

9.4.54
Affected by 0 other vulnerabilities.

9.4.54.v20240208
Affected by 0 other vulnerabilities.

10.0.20
Affected by 0 other vulnerabilities.

11.0.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:54:00.757017+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	36.1.3
2025-06-20T16:45:02.959616+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	36.1.3
2025-06-03T23:31:03.856467+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	36.1.0
2025-06-03T23:23:10.593094+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	36.1.0
2025-06-02T23:28:52.881550+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	36.1.2
2025-06-02T23:20:34.949866+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	36.1.2
2025-04-03T21:57:38.206196+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	36.0.0
2025-04-03T21:39:09.880586+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	36.0.0
2025-02-18T03:47:14.367422+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	35.1.0
2025-02-18T03:38:19.895435+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	35.1.0
2024-11-21T01:02:28.325086+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	35.0.0
2024-11-21T00:58:18.742601+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	35.0.0
2024-11-19T00:50:59.998264+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	34.3.2
2024-11-19T00:39:51.994075+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	34.3.2
2024-10-17T04:58:17.075794+00:00	GitLab Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2023-44487.yml	34.0.2
2024-10-08T01:22:39.458308+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	34.0.2
2024-10-07T21:56:41.648785+00:00	GHSA Importer	Affected by	VCID-ggqc-qjf8-aaad	https://github.com/advisories/GHSA-rggv-cv7r-mw98	34.0.2
2024-10-07T21:44:37.867273+00:00	GHSA Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://github.com/advisories/GHSA-qppj-fm5r-hxr3	34.0.2
2024-09-23T01:27:43.286030+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	34.0.1
2024-09-22T22:25:33.232512+00:00	GHSA Importer	Affected by	VCID-ggqc-qjf8-aaad	https://github.com/advisories/GHSA-rggv-cv7r-mw98	34.0.1
2024-09-22T22:14:08.572960+00:00	GHSA Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://github.com/advisories/GHSA-qppj-fm5r-hxr3	34.0.1
2024-05-17T21:12:23.611388+00:00	GHSA Importer	Affected by	VCID-ggqc-qjf8-aaad	https://github.com/advisories/GHSA-rggv-cv7r-mw98	34.0.0rc4
2024-05-17T20:50:33.996410+00:00	GHSA Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://github.com/advisories/GHSA-qppj-fm5r-hxr3	34.0.0rc4
2024-04-24T03:59:43.724705+00:00	GitLab Importer	Affected by	VCID-ggqc-qjf8-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty.http2/http2-common/CVE-2024-22201.yml	34.0.0rc4