🔐 CVE-2024-6762: org.eclipse.jetty:jetty-servlets:jar:9.4.53.v20231009:test

[github-actions[bot]]

Summary

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-6762 for details

CVE: CVE-2024-6762 CWE: CWE-400

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-6762?component-type=maven&component-name=org.eclipse.jetty%2Fjetty-servlets&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6762
• https://github.com/jetty/jetty.project/pull/10755
• https://github.com/jetty/jetty.project/pull/10756
• https://github.com/jetty/jetty.project/pull/9715
• https://github.com/jetty/jetty.project/pull/9716
• https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79