CVE-2025-1948
The CVE-2025-1948 issue affects Eclipse Jetty 12.0.0–12.0.16 where HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE can be set to a very large value. The Jetty HTTP/2 server does not validate this setting, leading to an allocation of a ByteBuffer of the requested size and likely OutOfMemoryError or JVM crash...