Jetty@* Security Vulnerabilities and Issues — Jetty@* CVE List

Lucene search

EclipseJetty*

3 matches found

CVE•added 2020/11/28 1:15 a.m.•409 views

CVE-2020-27218

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is...

5.8CVSS5.1AI score0.00599EPSS

CVE•added 2020/10/23 1:15 p.m.•261 views

CVE-2020-27216

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub direct...

7CVSS6.9AI score0.00027EPSS

CVE•added 2020/12/14 9:15 p.m.•42 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Thei...

7.1CVSS7AI score0.00094EPSS