org.eclipse.jetty:jetty-server 12.0.18

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jetty:jetty-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Interpretation Conflict org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of invalid or unusual URIs in the `parse()` function on `HttpURI.java‎`. An attacker can bypass security controls or access restricted resources by crafting specially formatted URIs that are interpreted differently by various system components. How to fix Interpretation Conflict? Upgrade `org.eclipse.jetty:jetty-server` to version 12.0.31, 12.1.5 or higher.	[9.4.0.M0,12.0.31)[12.1.0.alpha0,12.1.5)
H Allocation of Resources Without Limits or Throttling org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the `GzipHandler` process when handling a compressed HTTP request with `Content-Encoding: gzip` and the response is not deflated (no `Accept-Encoding: gzip`). An attacker can cause resource exhaustion by sending specially crafted requests that trigger repeated allocation of JDK Inflater objects without proper release. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.eclipse.jetty:jetty-server` to version 12.0.32, 12.1.6 or higher.	[12.0.0.alpha0,12.0.32)[12.1.0.alpha0,12.1.6)

Vulnerability

Vulnerable Version

Interpretation Conflict

org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine.

Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of invalid or unusual URIs in the parse() function on HttpURI.java‎. An attacker can bypass security controls or access restricted resources by crafting specially formatted URIs that are interpreted differently by various system components.

How to fix Interpretation Conflict?

Upgrade org.eclipse.jetty:jetty-server to version 12.0.31, 12.1.5 or higher.

[9.4.0.M0,12.0.31)[12.1.0.alpha0,12.1.5)

Allocation of Resources Without Limits or Throttling

org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the GzipHandler process when handling a compressed HTTP request with Content-Encoding: gzip and the response is not deflated (no Accept-Encoding: gzip). An attacker can cause resource exhaustion by sending specially crafted requests that trigger repeated allocation of JDK Inflater objects without proper release.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.eclipse.jetty:jetty-server to version 12.0.32, 12.1.6 or higher.

[12.0.0.alpha0,12.0.32)[12.1.0.alpha0,12.1.6)

org.eclipse.jetty:jetty-server@12.0.18

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically