Information Exposure Affecting org.eclipse.jetty:jetty-server package, versions [11.0.0, 11.0.3) [10.0.0, 10.0.3) [,9.4.41)
23 Jun 2021
22 Jun 2021
Romain Manni-Bucau, Stephen Connolly
How to fix?
Upgrade org.eclipse.jetty:jetty-server to version 11.0.3, 10.0.3, 9.4.41 or higher.
org.eclipse.jetty:jetty-server is a lightweight, highly scalable Java-based web server and servlet engine.
Affected versions of this package are vulnerable to Information Exposure. If an exception is thrown by the SessionListener#sessionDestroyed() method, the session ID will not be invalidated in the manager, which may allow the application to be left logged in on a shared computer.
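To check a build against the affected ranges above, the following added example (not part of the original advisory) scans `mvn dependency:list`-style output for jetty-server and reports the fixed version for each affected entry. The function names and the sample input are constructed for illustration, and version qualifiers are ignored as noted in the code.

```python
import re

# Affected ranges from the advisory: (low inclusive, high exclusive, fixed version).
AFFECTED = [
    ((0, 0, 0), (9, 4, 41), "9.4.41"),
    ((10, 0, 0), (10, 0, 3), "10.0.3"),
    ((11, 0, 0), (11, 0, 3), "11.0.3"),
]

# Matches a jetty-server entry in `mvn dependency:list` output
# (groupId:artifactId:type:version:scope).
COORD = re.compile(r"org\.eclipse\.jetty:jetty-server:jar:(\d+\.\d+\.\d+[^:\s]*)")

def fixed_version_for(version):
    """Return the version to upgrade to, or None if the version is not affected."""
    # Assumption: only numeric major.minor.patch is compared. Qualifiers such as
    # ".v20210413" or ".beta1" are ignored, so a pre-release build is treated
    # like its base release (this errs towards flagging it).
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Jetty version: {version!r}")
    triple = tuple(int(g) for g in m.groups())
    for low, high, fixed in AFFECTED:
        if low <= triple < high:
            return fixed
    return None

def scan(dependency_list):
    """Return [(version, fixed_version)] for every affected jetty-server entry."""
    findings = []
    for m in COORD.finditer(dependency_list):
        fixed = fixed_version_for(m.group(1))
        if fixed:
            findings.append((m.group(1), fixed))
    return findings

# Constructed sample input, not output from a real project.
SAMPLE = """\
[INFO]    org.eclipse.jetty:jetty-server:jar:9.4.40.v20210413:compile
[INFO]    org.eclipse.jetty:jetty-server:jar:10.0.3:compile
[INFO]    org.eclipse.jetty:jetty-server:jar:11.0.2:runtime
[INFO]    org.eclipse.jetty:jetty-util:jar:9.4.40.v20210413:compile
"""

if __name__ == "__main__":
    for version, fixed in scan(SAMPLE):
        print(f"jetty-server {version} is affected; upgrade to {fixed} or higher")
```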