Description
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Remediation
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
https://security.netapp.com/advisory/ntap-20220901-0006/
https://www.debian.org/security/2022/dsa-5198
Related Vulnerabilities
CVE-2020-28482 Vulnerability in npm package fastify-csrf
CVE-2020-14966 Vulnerability in npm package jsrsasign
CVE-2020-6831 Vulnerability in npm package electron
CVE-2022-23623 Vulnerability in npm package frourio
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-jasper