Description
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Remediation
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
https://security.netapp.com/advisory/ntap-20220901-0006/
https://www.debian.org/security/2022/dsa-5198
Related Vulnerabilities
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2021-21409 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2021-41109 Vulnerability in npm package parse-server
CVE-2020-15084 Vulnerability in maven package org.webjars.npm:express-jwt
CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug-code-gen