rbeckman-nextgen / test-mc4

Upgrade Jetty library to address CVEs #4305

Open rbeckman-nextgen opened 4 years ago

rbeckman-nextgen commented 4 years ago

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException

[https://nvd.nist.gov/vuln/detail/CVE-2018-12536#vulnCurrentDescriptionTitle]

Imported Issue. Original Details:

Jira Issue Key: MIRTH-4454

Reporter: narupley

Created: 2019-09-19T13:28:45.000-0700