org.eclipse.jetty:jetty-servlet@7.0.0.M0 vulnerabilities

latest version

11.0.24
latest non vulnerable version

11.0.24
first published

16 years ago
latest version published

2 months ago
licenses detected
- (Apache-2.0 OR EPL-1.0)
  [7.0.0.M0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty:jetty-servlet package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Directory Traversal Affected versions of this package are vulnerable to Directory Traversal. This issue allows remote attackers to access arbitrary files via directory traversal sequences in the URI. Note: In order for a system to be vulnerable, it must either be using the `DefaultServlet` with support for aliases explicitly enabled or the `ResourceHandler` class to serve static content. How to fix Directory Traversal? Upgrade `org.eclipse.jetty:jetty-servlet` to version 7.0.0.M2 or higher.	[7.0.0.M0,7.0.0.M2)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal. This issue allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Note:

In order for a system to be vulnerable, it must either be using the DefaultServlet with support for aliases explicitly enabled or the ResourceHandler class to serve static content.

How to fix Directory Traversal?

Upgrade org.eclipse.jetty:jetty-servlet to version 7.0.0.M2 or higher.

[7.0.0.M0,7.0.0.M2)

Go back to all versions of this package

org.eclipse.jetty:jetty-servlet@7.0.0.M0 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities