
cpe:2.3:a:eclipse_foundation:jetty:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Eclipse Foundation (2c315c48-0111-5572-bbde-cc70cfafb2e9)
Product: Jetty (7a64bbbd-16c0-5e74-9999-59538040d392)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-1948 vulnerable 2026-06-03 14:59:06.845129 Eclipse Jetty HTTP clients can increase memory allocation
HIGH (7.5)
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.
Published: 2025-05-08T17:48:40.831Z
Updated: 2025-05-08T18:31:44.196Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9823 vulnerable 2026-06-03 14:58:22.659852 Jetty DOS vulnerability on DosFilter
MEDIUM (5.3)
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on a server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and eventually exhaust the server's memory.
Published: 2024-10-14T15:03:02.293Z
Updated: 2025-11-03T19:35:02.369Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8184 vulnerable 2026-06-03 14:58:17.360169 Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
MEDIUM (5.9)
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
Published: 2024-10-14T15:09:37.861Z
Updated: 2025-11-03T19:34:56.811Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6763 vulnerable 2026-06-03 14:58:04.096923 Jetty URI parsing of invalid authority
LOW (3.7)
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from that of common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
Published: 2024-10-14T15:06:07.298Z
Updated: 2025-03-07T00:10:46.301Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6762 vulnerable 2026-06-03 14:58:04.095598 Jetty PushSessionCacheFilter can cause remote DoS attacks
LOW (3.1)
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
Published: 2024-10-14T15:07:10.942Z
Updated: 2025-11-03T19:34:37.967Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13009 vulnerable 2026-06-03 14:54:23.576731 Eclipse Jetty GZIP buffer release
HIGH (7.2)
In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be incorrectly released when a gzip error occurs while inflating a request body. This can result in corrupted data and/or inadvertent sharing of data between requests.
Published: 2025-05-08T17:29:31.380Z
Updated: 2025-05-08T18:56:39.446Z
Imported from gcve-enriched-dumps CVE data
