org.eclipse.jetty.http2:http2-common@9.3.0.M0 vulnerabilities
latest version
11.0.24
latest non vulnerable version
first published
10 years ago
latest version published
3 months ago
licenses detected
- (Apache-2.0 OR EPL-1.0)[9.3.0.M0,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.eclipse.jetty.http2:http2-common package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation. How to fix Denial of Service (DoS)? Upgrade | [,9.4.53.v20231009)[10.0.0,10.0.17)[11.0.0,11.0.17) |
Affected versions of this package are vulnerable to Denial of Service (DoS) due to the additional CPU and memory allocations required to handle changed settings. This denial of service may happen when a remote client sends either large SETTINGs frames container with many settings, or many small SETTINGs frames How to fix Denial of Service (DoS)? Upgrade | [9.3.0.M0,9.4.12.v20180830) |