org.eclipse.jetty:jetty-server vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty:jetty-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Resource Shutdown or Release	[9.4.0.M0,9.4.57.v20241219)
H Denial of Service (DoS)	[9.3.12,9.4.56)[10.0.0,10.0.24)[11.0.0,11.0.24)[12.0.0,12.0.9)
M Improper Validation of Syntactic Correctness of Input	[,9.4.57.v20241219)[10.0.0,12.0.12)
M Directory Traversal	[7.0.0.M0,7.0.0.M2)
L Information Exposure	[,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0alpha0,12.0.0.beta0)
M Denial of Service (DoS)	[,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0.alpha0,12.0.0.beta0)
H Improper Resource Shutdown or Release	[10.0.0,10.0.10)[11.0.0,11.0.10)
L Information Exposure	[11.0.0,11.0.3)[10.0.0,10.0.3)[,9.4.41)
M Denial of Service (DoS)	[9.4.6.v20170531,9.4.37.v20210219)[10.0.0,10.0.1)[11.0.0,11.0.1)
M HTTP Request Smuggling	[9.4.0.RC0,9.4.35.v20201120)[10.0.0.alpha0,10.0.0.beta3)[11.0.0.alpha0,11.0.0.beta3)
H Operation on a Resource after Expiration or Release	[9.4.27.v20200227,9.4.30.v20200611)
M Cross-site Scripting (XSS)	[9.4.21.v20190926,9.4.24.v20191120)
M Cross-site Scripting (XSS)	[9.2.0.M0,9.2.27.v20190403)[9.3.0.M0,9.3.26.v20190403)[9.4.15.v20190215,9.4.16.v20190411)
M Information Exposure	[7.0.0.M0,9.2.28.v20190418)[9.3.0.M0,9.3.27.v20190418)[9.4.0.M0,9.4.17.v20190418)
M Information Exposure	[9.3.0.RC0,9.3.24.v20180605)[9.4.0.M0,9.4.11.v20180605)
C Authorization Bypass	(8.2.0.v20160908,9.2.25.v20180606)[9.3.0.M0,9.3.24.v20180605)[9.4.0.M0,9.4.11.v20180605)
H Web Cache Poisoning	[,9.3.24.v20180605)[9.4.0.M0,9.4.11.v20180605)
H Session Hijacking	[9.4.0.RC0,9.4.9.v20180320)
M Cryptographic Issues	[,8.1.0.v20120127)

Vulnerability

Vulnerable Version

Improper Resource Shutdown or Release

[9.4.0.M0,9.4.57.v20241219)

Denial of Service (DoS)

[9.3.12,9.4.56)[10.0.0,10.0.24)[11.0.0,11.0.24)[12.0.0,12.0.9)

Improper Validation of Syntactic Correctness of Input

[,9.4.57.v20241219)[10.0.0,12.0.12)

Directory Traversal

[7.0.0.M0,7.0.0.M2)

Information Exposure

[,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0alpha0,12.0.0.beta0)

Denial of Service (DoS)

[,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0.alpha0,12.0.0.beta0)

Improper Resource Shutdown or Release

[10.0.0,10.0.10)[11.0.0,11.0.10)

Information Exposure

[11.0.0,11.0.3)[10.0.0,10.0.3)[,9.4.41)

Denial of Service (DoS)

[9.4.6.v20170531,9.4.37.v20210219)[10.0.0,10.0.1)[11.0.0,11.0.1)

HTTP Request Smuggling

[9.4.0.RC0,9.4.35.v20201120)[10.0.0.alpha0,10.0.0.beta3)[11.0.0.alpha0,11.0.0.beta3)

Operation on a Resource after Expiration or Release

[9.4.27.v20200227,9.4.30.v20200611)

Cross-site Scripting (XSS)

[9.4.21.v20190926,9.4.24.v20191120)

Cross-site Scripting (XSS)

[9.2.0.M0,9.2.27.v20190403)[9.3.0.M0,9.3.26.v20190403)[9.4.15.v20190215,9.4.16.v20190411)

Information Exposure

[7.0.0.M0,9.2.28.v20190418)[9.3.0.M0,9.3.27.v20190418)[9.4.0.M0,9.4.17.v20190418)

Information Exposure

[9.3.0.RC0,9.3.24.v20180605)[9.4.0.M0,9.4.11.v20180605)

Authorization Bypass

(8.2.0.v20160908,9.2.25.v20180606)[9.3.0.M0,9.3.24.v20180605)[9.4.0.M0,9.4.11.v20180605)

Web Cache Poisoning

[,9.3.24.v20180605)[9.4.0.M0,9.4.11.v20180605)

Session Hijacking

[9.4.0.RC0,9.4.9.v20180320)

Cryptographic Issues

[,8.1.0.v20120127)

Package versions

421 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
12.1.3	16 Oct, 2025	0 C 0 H 0 M 0 L
12.1.2	7 Oct, 2025	0 C 0 H 0 M 0 L
12.1.1	8 Sep, 2025	0 C 0 H 0 M 0 L
12.1.0	15 Aug, 2025	0 C 0 H 0 M 0 L
12.1.0.beta3	12 Aug, 2025	0 C 0 H 0 M 0 L
12.1.0.beta2	18 Jul, 2025	0 C 0 H 0 M 0 L
12.1.0.beta1	19 Jun, 2025	0 C 0 H 0 M 0 L
12.1.0.beta0	18 May, 2025	0 C 0 H 0 M 0 L
12.1.0.alpha2	18 Mar, 2025	0 C 0 H 0 M 0 L
12.1.0.alpha1	23 Dec, 2024	0 C 0 H 0 M 0 L