Description
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2014-6560 Vulnerability (CVE-2014-6560)
WordPress Plugin 123ContactForm for WordPress Multiple Vulnerabilities (1.5.6)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9854)
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)
WordPress Plugin Membership Simplified Multiple SQL Injection Vulnerabilities (1.58)