Description
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Remediation
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
https://security.netapp.com/advisory/ntap-20220901-0006/
https://www.debian.org/security/2022/dsa-5198
Related Vulnerabilities
CVE-2023-46133 Vulnerability in npm package crypto-es
CVE-2014-7191 Vulnerability in maven package org.webjars.npm:qs
CVE-2015-8861 Vulnerability in maven package org.webjars:handlebars
CVE-2023-40348 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook
CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui