-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Security: jetty/jetty.project
Security Navigation
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Connection leaking on idle timeout when TCP congestedGHSA-rggv-cv7r-mw98 published
Feb 26, 2024 by joakimeHigh -
Jetty accepts "+" prefixed value in Content-LengthGHSA-hmr7-m48g-48f6 published
Sep 14, 2023 by sbordetModerate -
XmlParser is allows arbitrary DOCTYPE declarationsGHSA-58qw-p7qm-5rvh published
Jul 10, 2023 by gregwLow -
Errant command quoting in `org.eclipse.jetty.servlets.CGI` ServletGHSA-3gh6-v5v9-6v9j published
Sep 14, 2023 by sbordetLow -
HTTP/2 HPACK, and HTTP/3 QPACK integer overflow and buffer allocationGHSA-wgh7-54f2-x98r published
Oct 10, 2023 by jmcc0nn3llHigh -
OpenId Revoked authentication allows one requestGHSA-pwh8-58vv-vw48 published
Sep 14, 2023 by sbordetLow -
Cookie parsing of quoted values can exfiltrate values from other cookiesGHSA-p26g-97m4-6q7c published
Apr 18, 2023 by jmcc0nn3llLow -
OutOfMemoryError for large multipart without filename read via request.getParameter()GHSA-qw69-rqj8-6qw8 published
Apr 18, 2023 by jmcc0nn3llModerate -
SslConnection does not release pooled ByteBuffers in case of errorsGHSA-8mpp-f3f7-xc28 published
Jul 7, 2022 by waynebeatonHigh -
Invalid URI parsing may produce invalid HttpURI.authorityGHSA-cj7v-27pg-wf7q published
Jul 7, 2022 by waynebeatonLow