WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http

Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

Remediation

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html

https://security.netapp.com/advisory/ntap-20220901-0006/

https://www.debian.org/security/2022/dsa-5198

Related Vulnerabilities

CVE-2023-46133 Vulnerability in npm package crypto-es

CVE-2014-7191 Vulnerability in maven package org.webjars.npm:qs

CVE-2015-8861 Vulnerability in maven package org.webjars:handlebars

CVE-2023-40348 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook

CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

Severity

Low

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Patch Third Party Advisory Mailing List