Jetty Security Vulnerabilities and Issues — Jetty CVE List

Lucene search

EclipseJetty

3 matches found

CVE•added 2022/07/07 9:15 p.m.•437 views

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

4CVSS5.2AI score0.01221EPSS

CVE•added 2022/07/07 9:15 p.m.•308 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left ...

7.5CVSS7.3AI score0.01143EPSS

CVE•added 2022/07/07 9:15 p.m.•153 views

CVE-2022-2191

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

7.5CVSS7.5AI score0.00468EPSS