Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the `GzipHandler` process when handling a compressed HTTP request with `Content-Encoding: gzip` and the response is not deflated (no `Accept-Encoding: gzip`). An attacker can cause resource exhaustion by sending specially crafted requests that trigger repeated allocation of JDK Inflater objects without proper release. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.eclipse.jetty:jetty-server` to version 12.0.32, 12.1.6 or higher.	[12.0.0.alpha0,12.0.32)[12.1.0.alpha0,12.1.6)

Allocation of Resources Without Limits or Throttling

org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the GzipHandler process when handling a compressed HTTP request with Content-Encoding: gzip and the response is not deflated (no Accept-Encoding: gzip). An attacker can cause resource exhaustion by sending specially crafted requests that trigger repeated allocation of JDK Inflater objects without proper release.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.eclipse.jetty:jetty-server to version 12.0.32, 12.1.6 or higher.

[12.0.0.alpha0,12.0.32)[12.1.0.alpha0,12.1.6)

Go back to all versions of this package