org.eclipse.jetty.http2:http2-server 11.0.9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty.http2:http2-server package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the `RST_STREAM` process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially crafted frames that cause the server to reset streams and miscount active connections. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.eclipse.jetty.http2:http2-server` to version 9.4.58.v20250814, 10.0.26, 11.0.26 or higher.	[,9.4.58.v20250814)[10.0.0-alpha0,10.0.26)[11.0.0-alpha0,11.0.26)
H Insufficient Resource Pool Affected versions of this package are vulnerable to Insufficient Resource Pool due to improper handling of an invalid HTTP/2 request processing, when the `selector thread` is writing a blocking error response. Exploiting this vulnerability might lead the server to be unresponsive. How to fix Insufficient Resource Pool? Upgrade `org.eclipse.jetty.http2:http2-server` to version 9.4.47, 10.0.10, 11.0.10 or higher.	[,9.4.47)[10.0.0-alpha0,10.0.10)[11.0.0-alpha0,11.0.10)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RST_STREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially crafted frames that cause the server to reset streams and miscount active connections.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.eclipse.jetty.http2:http2-server to version 9.4.58.v20250814, 10.0.26, 11.0.26 or higher.

[,9.4.58.v20250814)[10.0.0-alpha0,10.0.26)[11.0.0-alpha0,11.0.26)

Insufficient Resource Pool

Affected versions of this package are vulnerable to Insufficient Resource Pool due to improper handling of an invalid HTTP/2 request processing, when the selector thread is writing a blocking error response. Exploiting this vulnerability might lead the server to be unresponsive.

How to fix Insufficient Resource Pool?

Upgrade org.eclipse.jetty.http2:http2-server to version 9.4.47, 10.0.10, 11.0.10 or higher.

[,9.4.47)[10.0.0-alpha0,10.0.10)[11.0.0-alpha0,11.0.10)

org.eclipse.jetty.http2:http2-server@11.0.9 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?