org.eclipse.jetty:jetty-http
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.eclipse.jetty:jetty-http (page 1 of 1)
- CVE-2022-2047 | LOW | CVSS 2.7 | EG 2.7 | ✓ Fixed in 11.0.10 | 2022-07-07
vulnerable: 11.0.0 ... 11.0.9 (10 versions)
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. Th…
- CVE-2023-40167 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 12.0.1 | 2023-09-15
vulnerable: 12.0.0
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowe…
- CVE-2024-6763 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 12.0.12 | 2024-10-14
vulnerable: 10.0.0 ... 9.4.9.v20180320 (380 versions)
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. Howe…
- CVE-2026-2332 | HIGH | CVSS 7.4 | EG 7.4 | 2026-04-14
vulnerable: 9.4.0.v20161208 ... 9.4.9.v20180320 (74 versions)
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/20…