org.eclipse.jetty:jetty-servlets@9.4.52.v20230823 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty:jetty-servlets package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

org.eclipse.jetty:jetty-servlets is an Utility Servlets from Jetty

Affected versions of this package are vulnerable to Denial of Service (DoS) via the DosFilter process. An attacker can exhaust the server's memory and cause a denial of service by repeatedly sending crafted requests that trigger OutOfMemory errors.

Note:

This is only exploitable if the server does not have session passivation or an aggressive session inactivation timeout configured.

How to fix Denial of Service (DoS)?

Upgrade org.eclipse.jetty:jetty-servlets to version 9.4.54, 10.0.18, 11.0.18 or higher.

[9.0.0.M0,9.4.54) [10.0.0,10.0.18) [11.0.0,11.0.18)