14 matches found
ROOT-APP-MAVEN-CVE-2025-5115 CVE-2025-5115 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2025-5115 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-1948 CVE-2025-1948 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2025-1948 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-22201 CVE-2024-22201 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2024-22201 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
io.airlift:http-server (=324), io.airlift:jmx-http (=324) +5 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-server (>=12.1.0.alpha0 <=12.1.0.beta2)
org.eclipse.jetty.http2:jetty-http2-server MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047652...
io.airlift:discovery (=324), io.airlift:http-client (=324) +13 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.1.0.alpha0 <=12.1.0.beta2)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: OSV:GHSA-MMXM-8W33-WC4H...
io.airlift:discovery (=324), io.airlift:http-client (=324) +13 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.1.0.alpha0 <=12.1.0.beta2)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047664...
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +916 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.24)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.223 and more Source cves: CVE-2025-5115 Source advisory: OSV:GHSA-MMXM-8W33-WC4H...
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +916 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.24)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.223 and more Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047664...
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +750 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.16)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: OSV:GHSA-889J-63JV-QHR8...
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +751 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-hpack (>=12.0.0 <=12.0.16)
org.eclipse.jetty.http2:jetty-http2-hpack MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-10118703...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on the SETTINGSMAXHEADERLISTSIZE parameter. An attacker can cause the server to allocate excessive memory resources, leading to an OutOfMemoryError or...
CVE-2025-1948
The CVE-2025-1948 issue affects Eclipse Jetty 12.0.0–12.0.16 where HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE can be set to a very large value. The Jetty HTTP/2 server does not validate this setting, leading to an allocation of a ByteBuffer of the requested size and likely OutOfMemoryError or JVM crash...
biz.netcentric.cq.tools.accesscontroltool:sling-maximum-version-environment (>=4.2.0 <=4.2.1), com.atlan:package-toolkit-testing (>=5.3.1 <=7.2.3) +978 more potentially affected by CVE-2024-22201 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.5)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =4.2.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.230 and more Source cves: CVE-2024-22201 Source advisory: OSV:GHSA-RGGV-CV7R-MW98...
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +827 more potentially affected by CVE-2023-44487 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.19)
org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.223 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...