pkg:maven/org.eclipse.jetty/jetty-server

Type maven
Namespace org.eclipse.jetty
Name jetty-server

Known advisories, vulnerabilities and fixes for org.eclipse.jetty/jetty-server package.

Repository
https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server
Critical 4
High 7
Moderate 10
Low 2
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 11.0.0, < 11.0.2 >= 10.0.0, < 10.0.2 >= 7.2.2, < 9.4.39 CVE-2021-28165
maven MAVEN:GHSA-26VR-8J45-3R4W Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources high 2021-04-06T17:31:30
(3 years ago)
Fixed = 11.0.2 = 10.0.2 = 9.4.39 CVE-2021-28165
maven MAVEN:GHSA-26VR-8J45-3R4W Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources high 2021-04-06T17:31:30
(3 years ago)
Affected = 9.4.23.v20191118 = 9.4.22.v20191022 = 9.4.21.v20190926 CVE-2019-17632
maven MAVEN:GHSA-5H9J-Q6J2-253F Unescaped exception messages in error responses in Jetty moderate 2019-12-02T18:13:28
(4 years ago)
Fixed = 9.4.24.v20191120 CVE-2019-17632
maven MAVEN:GHSA-5H9J-Q6J2-253F Unescaped exception messages in error responses in Jetty moderate 2019-12-02T18:13:28
(4 years ago)
Affected >= 9.4.0, < 9.4.11.v20180605 >= 9.3.0, < 9.3.24.v20180605 < 9.2.25.v20180606 CVE-2017-7658
maven MAVEN:GHSA-6X9X-8QW9-9PP6 Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) critical 2018-10-19T16:16:38
(5 years ago)
Fixed = 9.4.11.v20180605 = 9.3.24.v20180605 = 9.2.25.v20180606 CVE-2017-7658
maven MAVEN:GHSA-6X9X-8QW9-9PP6 Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) critical 2018-10-19T16:16:38
(5 years ago)
Affected >= 9.4.0, <= 9.4.15.v20190215 >= 9.3.0, <= 9.3.25.v20180904 <= 9.2.26.v20180806 CVE-2019-10241
maven MAVEN:GHSA-7VX9-XJHR-RW6H Cross-site Scripting in Eclipse Jetty moderate 2019-04-23T16:06:02
(5 years ago)
Fixed = 9.4.16.v20190411 = 9.3.26.v20190403 = 9.2.27.v20190403 CVE-2019-10241
maven MAVEN:GHSA-7VX9-XJHR-RW6H Cross-site Scripting in Eclipse Jetty moderate 2019-04-23T16:06:02
(5 years ago)
Affected >= 9.4.0, <= 9.4.10.v20180503 <= 9.3.23.v20180228 CVE-2017-7656
maven MAVEN:GHSA-84Q7-P226-4X5W Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) high 2018-10-19T16:16:27
(5 years ago)
Fixed = 9.4.11.v20180605 = 9.3.24.v20180605 CVE-2017-7656
maven MAVEN:GHSA-84Q7-P226-4X5W Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) high 2018-10-19T16:16:27
(5 years ago)
Affected >= 9.4.0, <= 9.4.34 CVE-2020-27218
maven MAVEN:GHSA-86WM-RRJM-8WH8 Buffer not correctly recycled in Gzip Request inflation moderate 2020-12-02T18:28:18
(3 years ago)
Fixed = 9.4.35.v20201120 CVE-2020-27218
maven MAVEN:GHSA-86WM-RRJM-8WH8 Buffer not correctly recycled in Gzip Request inflation moderate 2020-12-02T18:28:18
(3 years ago)
Affected >= 9.3.0, < 9.3.9 CVE-2016-4800
maven MAVEN:GHSA-872G-2H8H-362Q Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request critical 2018-10-19T16:16:16
(5 years ago)
Fixed = 9.3.9 CVE-2016-4800
maven MAVEN:GHSA-872G-2H8H-362Q Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request critical 2018-10-19T16:16:16
(5 years ago)
Affected >= 10.0.0, < 10.0.10 >= 11.0.0, < 11.0.10 CVE-2022-2191
maven MAVEN:GHSA-8MPP-F3F7-XC28 Jetty SslConnection does not release pooled ByteBuffers in case of errors high 2022-07-07T20:55:37
(2 years ago)
Fixed = 10.0.10 = 11.0.10 CVE-2022-2191
maven MAVEN:GHSA-8MPP-F3F7-XC28 Jetty SslConnection does not release pooled ByteBuffers in case of errors high 2022-07-07T20:55:37
(2 years ago)
Affected >= 9.0.0, <= 9.3.23.v20180228 >= 9.4.0, <= 9.4.10.v20180503 CVE-2018-12536
maven MAVEN:GHSA-9RGV-H7X4-QW8G Eclipse Jetty Server generates error message containing sensitive information moderate 2018-10-19T16:15:56
(5 years ago)
Fixed = 9.3.24.v20180605 = 9.4.11.v20180605 CVE-2018-12536
maven MAVEN:GHSA-9RGV-H7X4-QW8G Eclipse Jetty Server generates error message containing sensitive information moderate 2018-10-19T16:15:56
(5 years ago)
Affected <= 9.2.8.v20150217 CVE-2015-2080
maven MAVEN:GHSA-GHGJ-3XQR-6JFM Jetty vulnerable to exposure of sensitive information to unauthenticated remote users high 2018-11-09T17:50:00
(5 years ago)
Fixed = 9.2.9.v20150224 CVE-2015-2080
maven MAVEN:GHSA-GHGJ-3XQR-6JFM Jetty vulnerable to exposure of sensitive information to unauthenticated remote users high 2018-11-09T17:50:00
(5 years ago)
Affected >= 9.3.0, <= 9.3.24.v20180605 >= 9.4.0, <= 9.4.12.RC2 CVE-2018-12545
maven MAVEN:GHSA-H2F4-V4C4-6WX4 Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server high 2019-03-28T18:33:38
(5 years ago)
Fixed = 9.3.25.v20180904 = 9.4.12.v20180830 CVE-2018-12545
maven MAVEN:GHSA-H2F4-V4C4-6WX4 Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server high 2019-03-28T18:33:38
(5 years ago)
Affected >= 6.1.0pre1, < 6.1.0pre3 >= 6.0.0, < 6.0.2 >= 5.1.0, < 5.1.12 < 4.2.27 CVE-2006-6969
maven MAVEN:GHSA-JG2X-R643-W2CH Jetty Uses Predictable Session Identifiers moderate 2022-05-01T07:43:29
(2 years ago)
Fixed = 6.1.0pre3 = 6.0.2 = 5.1.12 = 4.2.27 CVE-2006-6969
maven MAVEN:GHSA-JG2X-R643-W2CH Jetty Uses Predictable Session Identifiers moderate 2022-05-01T07:43:29
(2 years ago)
Affected = 11.0.0 = 10.0.0 >= 9.4.6, < 9.4.37 CVE-2020-27223
maven MAVEN:GHSA-M394-8RWW-3JR7 DOS vulnerability for Quoted Quality CSV headers moderate 2021-03-10T03:46:47
(3 years ago)
Fixed = 11.0.1 = 10.0.1 = 9.4.37 CVE-2020-27223
maven MAVEN:GHSA-M394-8RWW-3JR7 DOS vulnerability for Quoted Quality CSV headers moderate 2021-03-10T03:46:47
(3 years ago)
Affected >= 11.0.0, <= 11.0.2 >= 10.0.0, <= 10.0.2 <= 9.4.40 CVE-2021-34428
maven MAVEN:GHSA-M6CP-VXJX-65J6 SessionListener can prevent a session from being invalidated breaking logout low 2021-06-23T20:23:04
(3 years ago)
Fixed = 11.0.3 = 10.0.3 = 9.4.41 CVE-2021-34428
maven MAVEN:GHSA-M6CP-VXJX-65J6 SessionListener can prevent a session from being invalidated breaking logout low 2021-06-23T20:23:04
(3 years ago)
Affected >= 9.4.0, <= 9.4.10.v20180503 CVE-2018-12538
maven MAVEN:GHSA-MWCX-532G-8PQ3 Access and integrity issue within Eclipse Jetty high 2018-10-16T17:44:11
(6 years ago)
Fixed = 9.4.11.v20180605 CVE-2018-12538
maven MAVEN:GHSA-MWCX-532G-8PQ3 Access and integrity issue within Eclipse Jetty high 2018-10-16T17:44:11
(6 years ago)
Affected < 9.4.51.v20230217 >= 12.0.0alpha0, < 12.0.0.beta0 >= 11.0.0, < 11.0.14 >= 10.0.0, < 10.0.14 CVE-2023-26049
maven MAVEN:GHSA-P26G-97M4-6Q7C Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies low 2023-04-18T22:19:57
(17 months ago)
Fixed = 9.4.51.v20230217 = 12.0.0.beta0 = 11.0.14 = 10.0.14 CVE-2023-26049
maven MAVEN:GHSA-P26G-97M4-6Q7C Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies low 2023-04-18T22:19:57
(17 months ago)
Affected < 9.4.51.v20230217 >= 11.0.0, < 11.0.14 >= 10.0.0, < 10.0.14 CVE-2023-26048
maven MAVEN:GHSA-QW69-RQJ8-6QW8 OutOfMemoryError for large multipart without filename in Eclipse Jetty moderate 2023-04-19T18:15:45
(17 months ago)
Fixed = 9.4.51.v20230217 = 11.0.14 = 10.0.14 CVE-2023-26048
maven MAVEN:GHSA-QW69-RQJ8-6QW8 OutOfMemoryError for large multipart without filename in Eclipse Jetty moderate 2023-04-19T18:15:45
(17 months ago)
Affected <= 8.1.0.RC2 CVE-2011-4461
maven MAVEN:GHSA-QXP4-27VX-XMM3 Improper Input Validation in Jetty moderate 2022-05-14T01:27:35
(2 years ago)
Fixed = 8.1.0.RC4 CVE-2011-4461
maven MAVEN:GHSA-QXP4-27VX-XMM3 Improper Input Validation in Jetty moderate 2022-05-14T01:27:35
(2 years ago)
Affected >= 9.4.0, <= 9.4.16.v20190411 >= 9.3.0, <= 9.3.26.v20190403 >= 9.2.0, <= 9.2.27.v20190403 CVE-2019-10246
maven MAVEN:GHSA-R28M-G6J9-R2H5 Information Exposure vulnerability in Eclipse Jetty moderate 2019-04-23T16:07:18
(5 years ago)
Fixed = 9.4.17.v20190418 = 9.3.27.v20190418 = 9.2.28.v20190418 CVE-2019-10246
maven MAVEN:GHSA-R28M-G6J9-R2H5 Information Exposure vulnerability in Eclipse Jetty moderate 2019-04-23T16:07:18
(5 years ago)
Affected >= 9.3.0, <= 9.3.23.v20180228 <= 9.2.25.v20180105 CVE-2017-7657
maven MAVEN:GHSA-VGG8-72F2-QM23 Critical severity vulnerability that affects org.eclipse.jetty:jetty-server critical 2018-10-19T16:15:34
(5 years ago)
Fixed = 9.3.24.v20180605 = 9.2.25.v20180606 CVE-2017-7657
maven MAVEN:GHSA-VGG8-72F2-QM23 Critical severity vulnerability that affects org.eclipse.jetty:jetty-server critical 2018-10-19T16:15:34
(5 years ago)
Affected <= 9.2.21.v20170120 >= 9.3.0, <= 9.3.19.v20170502 >= 9.4.0, <= 9.4.5.v20170502 CVE-2017-9735
maven MAVEN:GHSA-WFCC-PFF6-RGC5 Jetty vulnerable to exposure of sensitive information due to observable discrepancy high 2018-10-19T16:15:46
(5 years ago)
Fixed = 9.2.22.v20170606 = 9.3.20.v20170531 = 9.4.6.v20170531 CVE-2017-9735
maven MAVEN:GHSA-WFCC-PFF6-RGC5 Jetty vulnerable to exposure of sensitive information due to observable discrepancy high 2018-10-19T16:15:46
(5 years ago)
Affected >= 9.4.27, <= 9.4.30.v20200610 CVE-2019-17638
maven MAVEN:GHSA-X3RH-M7VP-35F2 Operation on a Resource after Expiration or Release in Jetty Server critical 2020-08-05T14:52:59
(4 years ago)
Fixed = 9.4.30.v20200611 CVE-2019-17638
maven MAVEN:GHSA-X3RH-M7VP-35F2 Operation on a Resource after Expiration or Release in Jetty Server critical 2020-08-05T14:52:59
(4 years ago)
Affected >= 9.4.0, <= 9.4.16.v20190411 >= 9.3.0, <= 9.3.26.v20190403 >= 7.0.0, <= 9.2.27.v20190403 CVE-2019-10247
maven MAVEN:GHSA-XC67-HJX6-CGG6 Installation information leak in Eclipse Jetty moderate 2019-04-23T16:07:12
(5 years ago)
Fixed = 9.4.17.v20190418 = 9.3.27.v20190418 = 9.2.28.v20190418 CVE-2019-10247
maven MAVEN:GHSA-XC67-HJX6-CGG6 Installation information leak in Eclipse Jetty moderate 2019-04-23T16:07:12
(5 years ago)