Description
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.
Remediation
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
https://security.netapp.com/advisory/ntap-20220901-0006/
https://www.debian.org/security/2022/dsa-5198