org.eclipse.jetty:jetty-util@9.4.15.v20190215 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty:jetty-util package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

org.eclipse.jetty:jetty-util is a Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory contents.

How to fix Cross-site Scripting (XSS)?

Upgrade org.eclipse.jetty:jetty-util to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.

[9.2.0.M0,9.2.27.v20190403) [9.3.0.M0,9.3.26.v20190403) [9.4.15.v20190215,9.4.16.v20190411)