CVE-2024-8184 (Medium) detected in jetty-server-9.4.11.v20180605.jar

[mend-bolt-for-github[bot]]

CVE-2024-8184 - Medium Severity Vulnerability

Vulnerable Library - jetty-server-9.4.11.v20180605.jar

The core jetty server artifact.

Library home page: https://webtide.com

Path to dependency file: /build.gradle

Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.11.v20180605/58353c2f27515b007fc83ae22002feb34fc24714/jetty-server-9.4.11.v20180605.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.11.v20180605/58353c2f27515b007fc83ae22002feb34fc24714/jetty-server-9.4.11.v20180605.jar

Dependency Hierarchy: - :x: **jetty-server-9.4.11.v20180605.jar** (Vulnerable Library)

Found in HEAD commit: 722089816e5192b667c19cb836256ef6da8be1ac

Found in base branch: master

Vulnerability Details

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

Publish Date: 2024-10-14

URL: CVE-2024-8184

CVSS 3 Score Details (5.9)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq

Release Date: 2024-10-14

Fix Resolution: 9.4.55.v20240627

---

Step up your Open Source Security Game with Mend here