Description
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Remediation
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
https://security.netapp.com/advisory/ntap-20220901-0006/
https://www.debian.org/security/2022/dsa-5198
Related Vulnerabilities
CVE-2011-5063 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-29016 Vulnerability in maven package io.goobi.viewer:viewer-core
CVE-2022-36899 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations