3 matches found
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-jetty (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-common-jetty MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...
A vulnerability in the OpenIdAuthenticator class of Eclipse Jetty servers allows an attacker to bypass security restrictions.
The vulnerability in the OpenIdAuthenticator class of Eclipse Jetty servers is caused by deficiencies in the authentication process when processing the LoginService parameter. Exploiting this vulnerability can allow a remote attacker to bypass security restrictions...
A vulnerability in the SessionListener#sessionDestroyed() method of Eclipse Jetty servers allows an attacker to escalate privileges.
The vulnerability in the SessionListener#sessionDestroyed() method of Eclipse Jetty-related containers is caused by an incorrect session expiration time. Exploiting this vulnerability can allow attackers to escalate their privileges...