WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http

Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

Remediation

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html

https://security.netapp.com/advisory/ntap-20220901-0006/

https://www.debian.org/security/2022/dsa-5198

Related Vulnerabilities

CVE-2011-5063 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-29016 Vulnerability in maven package io.goobi.viewer:viewer-core

CVE-2022-36899 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations

CVE-2020-8149 Vulnerability in npm package logkitty

Severity

Low

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Patch Third Party Advisory Mailing List