21 matches found
Security Bulletin:Jetty URI Parser Differences and Potential Security Implications
Summary The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs...
SUSE CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
EUVD-2025-208311
org.eclipse.jetty:jetty-http has different parsing of invalid URIs...
CVE-2025-11143
A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers URIs differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
DEBIAN-CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
UBUNTU-CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
Summary of CVE-2025-11143 : The Jetty HTTP URI parser has differences in handling invalid/unusual URIs, causing potential security by‑pass or leakage of implementation details when multiple components parse URIs differently. Public sources describe practical implications as differential parsing a...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
PT-2026-23435
Name of the Vulnerable Software and Affected Versions Jetty affected versions not specified Description The Jetty URI parser exhibits differences in how it evaluates invalid or unusual URIs compared to other common parsers. This differential parsing of URIs, particularly in systems with multiple...
BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...
Medium: python3.9
Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...
Python Improper Input Validation Vulnerability (Jan 2025) - Mac OS X
Python is prone to an improper input validation vulnerability in the urllib.parse.urlsplit and urlparse standard functions. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2025-0938
Summary (CVE-2025-0938): The issue arises in Python’s standard library URL parsing, where urllib.parse.urlsplit/urlparse accepted domain names containing square brackets, contrary to RFC 3986. This leads to differential parsing between Python’s parser and other RFC-compliant parsers. The connecte...