Open mend-bolt-for-github[bot] opened 1 year ago
Administrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to vulnerable library: /lib/jetty-io-8.1.15.v20140411.jar
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **jetty-io-8.1.15.v20140411.jar** (Vulnerable Library)
Found in base branch: main
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Publish Date: 2021-04-01
URL: CVE-2021-28165
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
Release Date: 2021-04-01
Fix Resolution: 9.4.39.v20210325
Vulnerable Library - jetty-io-8.1.15.v20140411.jar
Administrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to vulnerable library: /lib/jetty-io-8.1.15.v20140411.jar
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2021-28165
### Vulnerable Library - jetty-io-8.1.15.v20140411.jarAdministrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to vulnerable library: /lib/jetty-io-8.1.15.v20140411.jar
Dependency Hierarchy: - :x: **jetty-io-8.1.15.v20140411.jar** (Vulnerable Library)
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
Found in base branch: main
### Vulnerability DetailsIn Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Publish Date: 2021-04-01
URL: CVE-2021-28165
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
Release Date: 2021-04-01
Fix Resolution: 9.4.39.v20210325
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)