Information on source package jetty9

Available versions

ReleaseVersion
stretch9.2.30-0+deb9u2
buster9.4.50-4+deb10u2
bullseye9.4.50-4+deb11u2
bookworm9.4.50-4+deb12u3
trixie9.4.56-1
sid9.4.56-1

Open issues

BugstretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-9823vulnerable (no DSA, ignored)vulnerablevulnerablevulnerablefixedfixedThere exists a security vulnerability in Jetty's DosFilter which can b ...
CVE-2024-8184fixedvulnerablevulnerablevulnerablefixedfixedThere exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...
CVE-2024-6763fixedvulnerablevulnerablevulnerablevulnerablevulnerableEclipse Jetty is a lightweight, highly scalable, Java-based web server ...
CVE-2024-6762fixedvulnerablevulnerablevulnerablevulnerablevulnerableJetty PushSessionCacheFilter can be exploited by unauthenticated users ...
CVE-2023-40167vulnerable (no DSA)fixedfixedfixedfixedfixedJetty is a Java based web server and servlet engine. Prior to versions ...
CVE-2023-36479vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedEclipse Jetty Canonical Repository is the canonical repository for the ...
CVE-2023-26049vulnerable (no DSA)fixedfixedfixedfixedfixedJetty is a java based web server and servlet engine. Nonstandard cooki ...
CVE-2023-26048vulnerable (no DSA)fixedfixedfixedfixedfixedJetty is a java based web server and servlet engine. In affected versi ...
CVE-2022-2047vulnerable (no DSA, postponed)fixedfixedfixedfixedfixedIn Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...
CVE-2021-28165vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedIn Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...
CVE-2020-27218vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedIn Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...

Resolved issues

BugDescription
CVE-2024-22201Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-41900Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...
CVE-2023-36478Eclipse Jetty provides a web server and servlet container. In versions ...
CVE-2022-2191In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...
CVE-2022-2048In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...
CVE-2021-34429For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0. ...
CVE-2021-34428For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exce ...
CVE-2021-28169For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is poss ...
CVE-2021-28164In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...
CVE-2021-28163In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...
CVE-2020-27223In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...
CVE-2020-27216In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...
CVE-2019-17638In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...
CVE-2019-17632In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...
CVE-2019-10247In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...
CVE-2019-10246In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server runnin ...
CVE-2019-10241In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...
CVE-2018-12545In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to ...
CVE-2018-12538In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional ...
CVE-2018-12536In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...
CVE-2017-9735Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...
CVE-2017-7658In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...
CVE-2017-7657In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...
CVE-2017-7656In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...
CVE-2016-4800The path normalization mechanism in PathResource class in Eclipse Jett ...

Security announcements

DSA / DLADescription
DSA-5664-1jetty9 - security update
DLA-3780-1jetty9 - security update
DSA-5540-1jetty9 - security update
DLA-3641-1jetty9 - security update
DLA-3592-1jetty9 - security update
DSA-5507-1jetty9 - security update
DLA-3079-1jetty9 - security update
DSA-5198-1jetty9 - security update
DSA-4949-1jetty9 - security update
DLA-2688-1jetty9 - security update
DLA-2661-1jetty9 - security update
DSA-4278-1jetty9 - security update

Search for package or bug name: Reporting problems