Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

Remediation

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html

https://security.netapp.com/advisory/ntap-20220901-0006/

https://www.debian.org/security/2022/dsa-5198

Related Vulnerabilities

CVE-2022-31159 Vulnerability in maven package com.amazonaws:aws-java-sdk-s3

CVE-2021-24033 Vulnerability in npm package react-dev-utils

CVE-2022-21129 Vulnerability in npm package nemo-appium

CVE-2022-22984 Vulnerability in npm package snyk-mvn-plugin

CVE-2022-31147 Vulnerability in npm package jquery-validation

Severity

Low

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Patch Third Party Advisory Mailing List