pkg:Maven/org.eclipse.jetty:jetty-server

26 total CVEs: CRITICAL 4, HIGH 9, MEDIUM 10, LOW 2

All known vulnerabilities

  • CRITICAL 9.8 CVE-2017-7658: Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
    from 0, < 9.2.25.v20180606
  • CRITICAL 9.8 CVE-2016-4800: Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
    >= 9.3.0, < 9.3.9
  • CRITICAL 9.8 CVE-2017-7657: Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
    from 0, < 9.2.25.v20180606
  • CRITICAL 9.4 CVE-2019-17638: Operation on a Resource after Expiration or Release in Jetty Server
    >= 9.4.27, < 9.4.30.v20200611
  • HIGH 8.8 CVE-2018-12538: Access and integrity issue within Eclipse Jetty
    >= 9.4.0, < 9.4.11.v20180605
  • HIGH 7.5 CVE-2026-1605: The Eclipse Jetty Server Artifact has a Gzip request memory leak
    >= 12.1.0, < 12.1.6
  • HIGH 7.5 CVE-2022-2191: Jetty SslConnection does not release pooled ByteBuffers in case of errors
    >= 10.0.0, < 10.0.10
  • HIGH 7.5 CVE-2021-28165: Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
    >= 7.2.2, < 9.4.39
  • HIGH 7.5 CVE-2018-12545: Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
    >= 9.4.0, < 9.4.12.v20180830
  • HIGH 7.5 CVE-2015-2080: Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
    from 0, < 9.2.9.v20150224
  • HIGH 7.5 CVE-2017-7656: jetty9 - security update
    from 0, < 9.3.24.v20180605
  • HIGH 7.5 CVE-2017-9735: jetty9 - security update
    >= 9.4.0, < 9.4.6.v20170531
  • HIGH 7.2 CVE-2024-13009: jetty9 - security update
    >= 9.4.0, < 9.4.57.v20241219
  • MEDIUM 6.1 CVE-2019-17632: Unescaped exception messages in error responses in Jetty
    >= 9.4.21.v20190926, < 9.4.24.v20191120
  • MEDIUM 6.1 CVE-2019-10241: jetty9 - security update
    from 0, < 9.2.27.v20190403
  • MEDIUM 5.9 CVE-2024-8184: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
    >= 12.0.0, < 12.0.9
  • MEDIUM 5.3 CVE-2023-26048: jetty9 - security update
    from 0, < 9.4.51.v20230217
  • MEDIUM 5.3 CVE-2011-4461: Improper Input Validation in Jetty
    from 0, < 8.1.0.RC4
  • MEDIUM 5.3 CVE-2020-27223: DOS vulnerability for Quoted Quality CSV headers
    >= 9.4.6, < 9.4.37
  • MEDIUM 5.3 CVE-2019-10246: Information Exposure vulnerability in Eclipse Jetty
    >= 9.2.0, < 9.2.28.v20190418
  • MEDIUM 5.3 CVE-2019-10247: Installation information leak in Eclipse Jetty
    >= 7.0.0, < 9.2.28.v20190418
  • MEDIUM 5.3 CVE-2018-12536: Eclipse Jetty Server generates error message containing sensitive information
    >= 9.4.0, < 9.4.11.v20180605
  • MEDIUM 4.8 CVE-2020-27218: Buffer not correctly recycled in Gzip Request inflation
    >= 9.4.0, < 9.4.35.v20201120
  • LOW 3.5 CVE-2021-34428: SessionListener can prevent a session from being invalidated breaking logout
    from 0, < 9.4.41
  • LOW 2.4 CVE-2023-26049: Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
    from 0, < 9.4.51.v20230217
  • CVE-2006-6969: Jetty Uses Predictable Session Identifiers
    from 0, < 4.2.27