11.0.24
15 years ago
4 months ago
Known vulnerabilities in the org.eclipse.jetty:jetty-servlets package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.eclipse.jetty:jetty-servlets is an Utility Servlets from Jetty Affected versions of this package are vulnerable to Denial of Service (DoS) via the Note: This is only exploitable if the server does not have session passivation or an aggressive session inactivation timeout configured. How to fix Denial of Service (DoS)? Upgrade | [9.0.0.M0,9.4.54)[10.0.0,10.0.18)[11.0.0,11.0.18) |
org.eclipse.jetty:jetty-servlets is an Utility Servlets from Jetty Affected versions of this package are vulnerable to Arbitrary Code Execution. If a user sends a request to a Impact: This behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. Note: In Jetty 9.x, 10.x, and 11.x the In Jetty 12 (all environments) the How to fix Arbitrary Code Execution? Upgrade | [9.0.0,9.4.52)[10.0.0,10.0.16)[11.0.0,11.0.16) |