CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server

Description

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Remediation

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

https://security.netapp.com/advisory/ntap-20220909-0003/

Related Vulnerabilities

CVE-2023-40809 Vulnerability in maven package org.opencrx:opencrx-core-models

CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2023-34610 Vulnerability in maven package com.cedarsoftware:json-io

CVE-2020-14967 Vulnerability in maven package org.webjars.npm:jsrsasign

CVE-2022-39368 Vulnerability in maven package org.eclipse.californium:scandium

Severity

High

Classification

CWE-404 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H