3 matches found
org.eclipse.jetty.documentation:code-examples (>=10.0.22 <=11.0.25), org.eclipse.jetty:infinispan-common (>=10.0.21 <=11.0.25) +17 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron-http-oidc (>=2.3.0.Final <=2.6.1.Final)
org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =2.3.0.Final, =10.0.22, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =26.0.0, =26.0.0, =26.0.0, =2.3.0.Final, =2.1.0.Final, =2.1.4.Final and more Source cves: CVE-2024-12369 Source advisory: OSV:GHSA-5565-3C98-G6JC...
Medium: jetty
Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example, a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...
MGASA-2017-0277 Updated jetty packages fix security vulnerability
Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords (CVE-2017-9735)...