pkg:maven/org.eclipse.jetty/jetty-server
Type: maven
Namespace: org.eclipse.jetty
Name: jetty-server
Known advisories, vulnerabilities and fixes for org.eclipse.jetty/jetty-server package.
Critical: 4
High: 7
Moderate: 10
Low: 2
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 11.0.0, < 11.0.2; >= 10.0.0, < 10.0.2; >= 7.2.2, < 9.4.39 | | CVE-2021-28165 | MAVEN:GHSA-26VR-8J45-3R4W | Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources | high | 2021-04-06T17:31:30 (3 years ago) |
Fixed | = 11.0.2; = 10.0.2; = 9.4.39 | | CVE-2021-28165 | MAVEN:GHSA-26VR-8J45-3R4W | Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources | high | 2021-04-06T17:31:30 (3 years ago) |
Affected | = 9.4.23.v20191118; = 9.4.22.v20191022; = 9.4.21.v20190926 | | CVE-2019-17632 | MAVEN:GHSA-5H9J-Q6J2-253F | Unescaped exception messages in error responses in Jetty | moderate | 2019-12-02T18:13:28 (4 years ago) |
Fixed | = 9.4.24.v20191120 | | CVE-2019-17632 | MAVEN:GHSA-5H9J-Q6J2-253F | Unescaped exception messages in error responses in Jetty | moderate | 2019-12-02T18:13:28 (4 years ago) |
Affected | >= 9.4.0, < 9.4.11.v20180605; >= 9.3.0, < 9.3.24.v20180605; < 9.2.25.v20180606 | | CVE-2017-7658 | MAVEN:GHSA-6X9X-8QW9-9PP6 | Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) | critical | 2018-10-19T16:16:38 (5 years ago) |
Fixed | = 9.4.11.v20180605; = 9.3.24.v20180605; = 9.2.25.v20180606 | | CVE-2017-7658 | MAVEN:GHSA-6X9X-8QW9-9PP6 | Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) | critical | 2018-10-19T16:16:38 (5 years ago) |
Affected | >= 9.4.0, <= 9.4.15.v20190215; >= 9.3.0, <= 9.3.25.v20180904; <= 9.2.26.v20180806 | | CVE-2019-10241 | MAVEN:GHSA-7VX9-XJHR-RW6H | Cross-site Scripting in Eclipse Jetty | moderate | 2019-04-23T16:06:02 (5 years ago) |
Fixed | = 9.4.16.v20190411; = 9.3.26.v20190403; = 9.2.27.v20190403 | | CVE-2019-10241 | MAVEN:GHSA-7VX9-XJHR-RW6H | Cross-site Scripting in Eclipse Jetty | moderate | 2019-04-23T16:06:02 (5 years ago) |
Affected | >= 9.4.0, <= 9.4.10.v20180503; <= 9.3.23.v20180228 | | CVE-2017-7656 | MAVEN:GHSA-84Q7-P226-4X5W | Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) | high | 2018-10-19T16:16:27 (5 years ago) |
Fixed | = 9.4.11.v20180605; = 9.3.24.v20180605 | | CVE-2017-7656 | MAVEN:GHSA-84Q7-P226-4X5W | Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) | high | 2018-10-19T16:16:27 (5 years ago) |
Affected | >= 9.4.0, <= 9.4.34 | | CVE-2020-27218 | MAVEN:GHSA-86WM-RRJM-8WH8 | Buffer not correctly recycled in Gzip Request inflation | moderate | 2020-12-02T18:28:18 (3 years ago) |
Fixed | = 9.4.35.v20201120 | | CVE-2020-27218 | MAVEN:GHSA-86WM-RRJM-8WH8 | Buffer not correctly recycled in Gzip Request inflation | moderate | 2020-12-02T18:28:18 (3 years ago) |
Affected | >= 9.3.0, < 9.3.9 | | CVE-2016-4800 | MAVEN:GHSA-872G-2H8H-362Q | Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request | critical | 2018-10-19T16:16:16 (5 years ago) |
Fixed | = 9.3.9 | | CVE-2016-4800 | MAVEN:GHSA-872G-2H8H-362Q | Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request | critical | 2018-10-19T16:16:16 (5 years ago) |
Affected | >= 10.0.0, < 10.0.10; >= 11.0.0, < 11.0.10 | | CVE-2022-2191 | MAVEN:GHSA-8MPP-F3F7-XC28 | Jetty SslConnection does not release pooled ByteBuffers in case of errors | high | 2022-07-07T20:55:37 (2 years ago) |
Fixed | = 10.0.10; = 11.0.10 | | CVE-2022-2191 | MAVEN:GHSA-8MPP-F3F7-XC28 | Jetty SslConnection does not release pooled ByteBuffers in case of errors | high | 2022-07-07T20:55:37 (2 years ago) |
Affected | >= 9.0.0, <= 9.3.23.v20180228; >= 9.4.0, <= 9.4.10.v20180503 | | CVE-2018-12536 | MAVEN:GHSA-9RGV-H7X4-QW8G | Eclipse Jetty Server generates error message containing sensitive information | moderate | 2018-10-19T16:15:56 (5 years ago) |
Fixed | = 9.3.24.v20180605; = 9.4.11.v20180605 | | CVE-2018-12536 | MAVEN:GHSA-9RGV-H7X4-QW8G | Eclipse Jetty Server generates error message containing sensitive information | moderate | 2018-10-19T16:15:56 (5 years ago) |
Affected | <= 9.2.8.v20150217 | | CVE-2015-2080 | MAVEN:GHSA-GHGJ-3XQR-6JFM | Jetty vulnerable to exposure of sensitive information to unauthenticated remote users | high | 2018-11-09T17:50:00 (5 years ago) |
Fixed | = 9.2.9.v20150224 | | CVE-2015-2080 | MAVEN:GHSA-GHGJ-3XQR-6JFM | Jetty vulnerable to exposure of sensitive information to unauthenticated remote users | high | 2018-11-09T17:50:00 (5 years ago) |
Affected | >= 9.3.0, <= 9.3.24.v20180605; >= 9.4.0, <= 9.4.12.RC2 | | CVE-2018-12545 | MAVEN:GHSA-H2F4-V4C4-6WX4 | Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server | high | 2019-03-28T18:33:38 (5 years ago) |
Fixed | = 9.3.25.v20180904; = 9.4.12.v20180830 | | CVE-2018-12545 | MAVEN:GHSA-H2F4-V4C4-6WX4 | Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server | high | 2019-03-28T18:33:38 (5 years ago) |
Affected | >= 6.1.0pre1, < 6.1.0pre3; >= 6.0.0, < 6.0.2; >= 5.1.0, < 5.1.12; < 4.2.27 | | CVE-2006-6969 | MAVEN:GHSA-JG2X-R643-W2CH | Jetty Uses Predictable Session Identifiers | moderate | 2022-05-01T07:43:29 (2 years ago) |
Fixed | = 6.1.0pre3; = 6.0.2; = 5.1.12; = 4.2.27 | | CVE-2006-6969 | MAVEN:GHSA-JG2X-R643-W2CH | Jetty Uses Predictable Session Identifiers | moderate | 2022-05-01T07:43:29 (2 years ago) |
Affected | = 11.0.0; = 10.0.0; >= 9.4.6, < 9.4.37 | | CVE-2020-27223 | MAVEN:GHSA-M394-8RWW-3JR7 | DOS vulnerability for Quoted Quality CSV headers | moderate | 2021-03-10T03:46:47 (3 years ago) |
Fixed | = 11.0.1; = 10.0.1; = 9.4.37 | | CVE-2020-27223 | MAVEN:GHSA-M394-8RWW-3JR7 | DOS vulnerability for Quoted Quality CSV headers | moderate | 2021-03-10T03:46:47 (3 years ago) |
Affected | >= 11.0.0, <= 11.0.2; >= 10.0.0, <= 10.0.2; <= 9.4.40 | | CVE-2021-34428 | MAVEN:GHSA-M6CP-VXJX-65J6 | SessionListener can prevent a session from being invalidated breaking logout | low | 2021-06-23T20:23:04 (3 years ago) |
Fixed | = 11.0.3; = 10.0.3; = 9.4.41 | | CVE-2021-34428 | MAVEN:GHSA-M6CP-VXJX-65J6 | SessionListener can prevent a session from being invalidated breaking logout | low | 2021-06-23T20:23:04 (3 years ago) |
Affected | >= 9.4.0, <= 9.4.10.v20180503 | | CVE-2018-12538 | MAVEN:GHSA-MWCX-532G-8PQ3 | Access and integrity issue within Eclipse Jetty | high | 2018-10-16T17:44:11 (6 years ago) |
Fixed | = 9.4.11.v20180605 | | CVE-2018-12538 | MAVEN:GHSA-MWCX-532G-8PQ3 | Access and integrity issue within Eclipse Jetty | high | 2018-10-16T17:44:11 (6 years ago) |
Affected | < 9.4.51.v20230217; >= 12.0.0alpha0, < 12.0.0.beta0; >= 11.0.0, < 11.0.14; >= 10.0.0, < 10.0.14 | | CVE-2023-26049 | MAVEN:GHSA-P26G-97M4-6Q7C | Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies | low | 2023-04-18T22:19:57 (17 months ago) |
Fixed | = 9.4.51.v20230217; = 12.0.0.beta0; = 11.0.14; = 10.0.14 | | CVE-2023-26049 | MAVEN:GHSA-P26G-97M4-6Q7C | Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies | low | 2023-04-18T22:19:57 (17 months ago) |
Affected | < 9.4.51.v20230217; >= 11.0.0, < 11.0.14; >= 10.0.0, < 10.0.14 | | CVE-2023-26048 | MAVEN:GHSA-QW69-RQJ8-6QW8 | OutOfMemoryError for large multipart without filename in Eclipse Jetty | moderate | 2023-04-19T18:15:45 (17 months ago) |
Fixed | = 9.4.51.v20230217; = 11.0.14; = 10.0.14 | | CVE-2023-26048 | MAVEN:GHSA-QW69-RQJ8-6QW8 | OutOfMemoryError for large multipart without filename in Eclipse Jetty | moderate | 2023-04-19T18:15:45 (17 months ago) |
Affected | <= 8.1.0.RC2 | | CVE-2011-4461 | MAVEN:GHSA-QXP4-27VX-XMM3 | Improper Input Validation in Jetty | moderate | 2022-05-14T01:27:35 (2 years ago) |
Fixed | = 8.1.0.RC4 | | CVE-2011-4461 | MAVEN:GHSA-QXP4-27VX-XMM3 | Improper Input Validation in Jetty | moderate | 2022-05-14T01:27:35 (2 years ago) |
Affected | >= 9.4.0, <= 9.4.16.v20190411; >= 9.3.0, <= 9.3.26.v20190403; >= 9.2.0, <= 9.2.27.v20190403 | | CVE-2019-10246 | MAVEN:GHSA-R28M-G6J9-R2H5 | Information Exposure vulnerability in Eclipse Jetty | moderate | 2019-04-23T16:07:18 (5 years ago) |
Fixed | = 9.4.17.v20190418; = 9.3.27.v20190418; = 9.2.28.v20190418 | | CVE-2019-10246 | MAVEN:GHSA-R28M-G6J9-R2H5 | Information Exposure vulnerability in Eclipse Jetty | moderate | 2019-04-23T16:07:18 (5 years ago) |
Affected | >= 9.3.0, <= 9.3.23.v20180228; <= 9.2.25.v20180105 | | CVE-2017-7657 | MAVEN:GHSA-VGG8-72F2-QM23 | Critical severity vulnerability that affects org.eclipse.jetty:jetty-server | critical | 2018-10-19T16:15:34 (5 years ago) |
Fixed | = 9.3.24.v20180605; = 9.2.25.v20180606 | | CVE-2017-7657 | MAVEN:GHSA-VGG8-72F2-QM23 | Critical severity vulnerability that affects org.eclipse.jetty:jetty-server | critical | 2018-10-19T16:15:34 (5 years ago) |
Affected | <= 9.2.21.v20170120; >= 9.3.0, <= 9.3.19.v20170502; >= 9.4.0, <= 9.4.5.v20170502 | | CVE-2017-9735 | MAVEN:GHSA-WFCC-PFF6-RGC5 | Jetty vulnerable to exposure of sensitive information due to observable discrepancy | high | 2018-10-19T16:15:46 (5 years ago) |
Fixed | = 9.2.22.v20170606; = 9.3.20.v20170531; = 9.4.6.v20170531 | | CVE-2017-9735 | MAVEN:GHSA-WFCC-PFF6-RGC5 | Jetty vulnerable to exposure of sensitive information due to observable discrepancy | high | 2018-10-19T16:15:46 (5 years ago) |
Affected | >= 9.4.27, <= 9.4.30.v20200610 | | CVE-2019-17638 | MAVEN:GHSA-X3RH-M7VP-35F2 | Operation on a Resource after Expiration or Release in Jetty Server | critical | 2020-08-05T14:52:59 (4 years ago) |
Fixed | = 9.4.30.v20200611 | | CVE-2019-17638 | MAVEN:GHSA-X3RH-M7VP-35F2 | Operation on a Resource after Expiration or Release in Jetty Server | critical | 2020-08-05T14:52:59 (4 years ago) |
Affected | >= 9.4.0, <= 9.4.16.v20190411; >= 9.3.0, <= 9.3.26.v20190403; >= 7.0.0, <= 9.2.27.v20190403 | | CVE-2019-10247 | MAVEN:GHSA-XC67-HJX6-CGG6 | Installation information leak in Eclipse Jetty | moderate | 2019-04-23T16:07:12 (5 years ago) |
Fixed | = 9.4.17.v20190418; = 9.3.27.v20190418; = 9.2.28.v20190418 | | CVE-2019-10247 | MAVEN:GHSA-XC67-HJX6-CGG6 | Installation information leak in Eclipse Jetty | moderate | 2019-04-23T16:07:12 (5 years ago) |