search

hshivhare67 / Jetty_v9.4.31_CVE-2023-26049

Other
0 stars 0 forks source link

CVE-2022-2048 (High) detected in http2-server-9.4.31.v20200723.jar - autoclosed #38

Closed mend-bolt-for-github[bot] closed 9 months ago

mend-bolt-for-github[bot] commented 9 months ago

CVE-2022-2048 - High Severity Vulnerability

Vulnerable Library - http2-server-9.4.31.v20200723.jar

Library home page: https://eclipse.org/jetty

Path to dependency file: /examples/embedded/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/eclipse/jetty/http2/http2-server/9.4.31.v20200723/http2-server-9.4.31.v20200723.jar,/home/wss-scanner/.m2/repository/org/eclipse/jetty/http2/http2-server/9.4.31.v20200723/http2-server-9.4.31.v20200723.jar,/home/wss-scanner/.m2/repository/org/eclipse/jetty/http2/http2-server/9.4.31.v20200723/http2-server-9.4.31.v20200723.jar

Dependency Hierarchy: - :x: **http2-server-9.4.31.v20200723.jar** (Vulnerable Library)

Found in HEAD commit: 58f30216af0fcc8c8d4ee04369790afc5494c144

Found in base branch: main

Vulnerability Details

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

Publish Date: 2022-07-07

URL: CVE-2022-2048

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j

Release Date: 2022-07-07

Fix Resolution: 9.4.47.v20220610

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 9 months ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #39

mend-bolt-for-github[bot] commented 9 months ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #39

mend-bolt-for-github[bot] commented 9 months ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #39