Open mend-for-github-com[bot] opened 1 year ago
Library home page: https://eclipse.org/jetty
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/eclipse/jetty/jetty-io/9.4.33.v20201020/jetty-io-9.4.33.v20201020.jar
Dependency Hierarchy: - jetty-server-9.4.33.v20201020.jar (Root Library) - :x: **jetty-io-9.4.33.v20201020.jar** (Vulnerable Library)
Found in base branch: master
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Publish Date: 2021-04-01
URL: CVE-2021-28165
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
Release Date: 2021-04-01
Fix Resolution (org.eclipse.jetty:jetty-io): 9.4.39.v20210325
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.4.35.v20201120
:rescue_worker_helmet: Automatic Remediation is available for this issue
CVE-2021-28165 - High Severity Vulnerability
Library home page: https://eclipse.org/jetty
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/eclipse/jetty/jetty-io/9.4.33.v20201020/jetty-io-9.4.33.v20201020.jar
Dependency Hierarchy: - jetty-server-9.4.33.v20201020.jar (Root Library) - :x: **jetty-io-9.4.33.v20201020.jar** (Vulnerable Library)
Found in base branch: master
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Publish Date: 2021-04-01
URL: CVE-2021-28165
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
Release Date: 2021-04-01
Fix Resolution (org.eclipse.jetty:jetty-io): 9.4.39.v20210325
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.4.35.v20201120
:rescue_worker_helmet: Automatic Remediation is available for this issue