Eclipse Jetty.project
6 CVEs affecting Eclipse Jetty.project. Latest disclosed: 2023-10-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-36478 | High | 7.5 | 2023-10-10 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer ove… |
CVE-2023-40167 | Medium | 5.3 | 2023-09-15 | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the con… |
CVE-2023-26048 | Medium | 5.3 | 2023-04-18 | Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `H… |
CVE-2023-41900 | Low | 3.5 | 2023-09-15 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `Op… |
CVE-2023-36479 | Low | 3.5 | 2023-09-15 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have t… |
CVE-2023-26049 | Low | 2.4 | 2023-04-18 | Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or othe… |