Known Vulnerabilities for Jetty by Eclipse
Listed below are 10 of the newest known vulnerabilities associated with "Jetty" by "Eclipse".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to... | 5.3 - MEDIUM | 2021-07-15 | 2023-11-07 |
| CVE-2021-34428 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroy... | 3.5 - LOW | 2021-06-22 | 2023-11-07 |
| CVE-2021-28169 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly en... | 5.3 - MEDIUM | 2021-06-09 | 2023-11-07 |
| CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receivi... | 7.5 - HIGH | 2021-04-01 | 2023-11-07 |
| CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e... | 5.3 - MEDIUM | 2021-04-01 | 2023-11-07 |
| CVE-2021-28163 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory tha... | 2.7 - LOW | 2021-04-01 | 2023-11-07 |
| CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing ... | 5.3 - MEDIUM | 2021-02-26 | 2023-11-07 |
| CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if ... | 4.8 - MEDIUM | 2020-11-28 | 2023-11-07 |
| CVE-2020-27216 | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, o... | 7 - HIGH | 2020-10-23 | 2023-11-07 |
| CVE-2019-10241 | In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions... | 6.1 - MEDIUM | 2019-04-22 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eclipse | Jetty | 9.4.9 | All | All | All |
| Application | Eclipse | Jetty | 9.4.9 | 20180320 | All | All |
| Application | Eclipse | Jetty | 9.4.8 | All | All | All |
| Application | Eclipse | Jetty | 9.4.8 | 20171121 | All | All |
| Application | Eclipse | Jetty | 9.4.8 | 20180619 | All | All |
| Application | Eclipse | Jetty | 9.4.7 | All | All | All |
| Application | Eclipse | Jetty | 9.4.7 | 20170914 | All | All |
| Application | Eclipse | Jetty | 9.4.7 | 20180619 | All | All |
| Application | Eclipse | Jetty | 9.4.7 | rc0 | All | All |
| Application | Eclipse | Jetty | 9.4.6 | All | All | All |
| Application | Eclipse | Jetty | 9.4.6 | 20170531 | All | All |
| Application | Eclipse | Jetty | 9.4.6 | 20180619 | All | All |
| Application | Eclipse | Jetty | 9.4.5 | All | All | All |
| Application | Eclipse | Jetty | 9.4.5 | 20170502 | All | All |
| Application | Eclipse | Jetty | 9.4.5 | 20180619 | All | All |
| Application | Eclipse | Jetty | 9.4.4 | All | All | All |
| Application | Eclipse | Jetty | 9.4.4 | 20170410 | All | All |
| Application | Eclipse | Jetty | 9.4.4 | 20170414 | All | All |
| Application | Eclipse | Jetty | 9.4.4 | 20180619 | All | All |
| Application | Eclipse | Jetty | 9.4.35 | All | All | All |