org.eclipse.jetty.http2:http2-server@9.4.10.RC0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty.http2:http2-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • [H] Insufficient Resource Pool

Affected versions of this package are vulnerable to Insufficient Resource Pool due to improper handling of an invalid HTTP/2 request when the selector thread is writing a blocking error response. Exploiting this vulnerability might cause the server to become unresponsive.

How to fix Insufficient Resource Pool?

Upgrade org.eclipse.jetty.http2:http2-server to version 9.4.47, 10.0.10, 11.0.10 or higher.

Vulnerable versions: [,9.4.47) [10.0.0-alpha0,10.0.10) [11.0.0-alpha0,11.0.10)