Description
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.
Remediation
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://www.debian.org/security/2022/dsa-5198
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
https://security.netapp.com/advisory/ntap-20220901-0006/