12.0.16
15 years ago
18 days ago
Known vulnerabilities in the org.eclipse.jetty:jetty-http package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the Notes:
How to fix Improper Validation of Syntactic Correctness of Input? Upgrade | [,12.0.12) |
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Denial of Service (DoS) in the How to fix Denial of Service (DoS)? Upgrade | [9.3.0,9.4.53.v20231009)[10.0.0,10.0.16)[11.0.0,11.0.16) |
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via the How to fix Improper Handling of Length Parameter Inconsistency? Upgrade | [9.0.0.M0,9.4.52.v20230823)[10.0.0,10.0.16)[11.0.0,11.0.16)[12.0.0,12.0.1) |
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Information Exposure such that nonstandard cookie parsing may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with Note:
A cookie header such as: How to fix Information Exposure? Upgrade | [,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0alpha0,12.0.0.beta0) |
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Improper Input Validation due to improper URI paring in the How to fix Improper Input Validation? Upgrade | [,9.4.47)[10.0.0-alpha0,10.0.10)[11.0.0-alpha0,11.0.10) |