org.eclipse.jetty:jetty-servlets
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.eclipse.jetty:jetty-servlets
- CVE-2021-28169 · MEDIUM · CVSS 5.3 · EG 9.0 · ✓ Fixed in 11.0.3 · 2021-06-09
vulnerable: 11.0.0, 11.0.1, 11.0.2
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-…
- CVE-2023-36479 · LOW · CVSS 3.5 · EG 3.5 · ✓ Fixed in 11.0.16 · 2023-09-15
vulnerable: 11.0.0 ... 11.0.9 (16 versions)
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.serv…
- CVE-2024-6762 · LOW · CVSS 3.1 · EG 3.1 · ✓ Fixed in 12.0.4 · 2024-10-14
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
- CVE-2024-9823 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 11.0.18 · 2024-10-14
vulnerable: 11.0.0 ... 11.0.9 (18 versions)
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can tri…