org.eclipse.jetty.ee9:jetty-ee9-nested@12.0.8 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty.ee9:jetty-ee9-nested package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

org.eclipse.jetty.ee9:jetty-ee9-nested is a jetty core handler adapted to legacy ee9 handler.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the ThreadLimitHandler.getRemote() method. An attacker can exhaust the server's memory and trigger OutofMemory errors by repeatedly sending crafted requests.

How to fix Denial of Service (DoS)?

Upgrade org.eclipse.jetty.ee9:jetty-ee9-nested to version 12.0.9 or higher.

[,12.0.9)