purl | pkg:maven/org.eclipse.jetty/jetty-http@9.4.11.v20180605 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-1pjh-3upb-aaaq Aliases: CVE-2023-36478 GHSA-wgh7-54f2-x98r | HTTP/2 HPACK integer overflow and buffer allocation | Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
VCID-2r83-7d8z-aaaq Aliases: CVE-2021-28165 GHSA-26vr-8j45-3r4w | Uncontrolled Resource Consumption in Jetty | Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
VCID-4pm7-acja-aaar Aliases: CVE-2023-26049 GHSA-p26g-97m4-6q7c | Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies | Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
VCID-7uj6-vf93-aaaa Aliases: CVE-2019-10241 GHSA-7vx9-xjhr-rw6h | Cross-site Scripting in Eclipse Jetty | Affected by 11 other vulnerabilities. |
VCID-87rw-weuq-aaaq Aliases: CVE-2023-40167 GHSA-hmr7-m48g-48f6 | Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. | Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
VCID-9xa5-ja57-aaaa Aliases: CVE-2020-27216 GHSA-g3wg-6mcf-8jj6 | Local Temp Directory Hijacking Vulnerability | Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
VCID-bnhg-w29f-ufeb Aliases: CVE-2024-6763 GHSA-qh8g-58pp-2wxh | Eclipse Jetty URI parsing of invalid authority | Affected by 0 other vulnerabilities. |
VCID-qg7n-txwg-aaac Aliases: CVE-2022-2047 GHSA-cj7v-27pg-wf7q | In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario. | Affected by 6 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
VCID-v2bf-23x6-aaah Aliases: CVE-2019-10247 GHSA-xc67-hjx6-cgg6 | Installation information leak in Eclipse Jetty | Affected by 9 other vulnerabilities. |
VCID-vz7f-5qd7-aaar Aliases: CVE-2023-26048 GHSA-qw69-rqj8-6qw8 | OutOfMemoryError for large multipart without filename in Eclipse Jetty | Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
VCID-z6zz-u5hj-aaaf Aliases: CVE-2020-27223 GHSA-m394-8rww-3jr7 | DOS vulnerability for Quoted Quality CSV headers | Affected by 9 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |