Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-912
Vulnerability from certfr_avis - Published: 2021-12-01 - Updated: 2021-12-02
De multiples vulnérabilités ont été découvertes dans IBM Qradar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM 7.4.x versions ant\u00e9rieures \u00e0 7.4.3 Fix Pack 4",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM 7.3.x versions ant\u00e9rieures \u00e0 7.3.3 Fix Pack 10",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-32027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2018-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8029"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2018-11768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11768"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-13954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13954"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2021-32028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2020-7226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7226"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2017-15713",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15713"
},
{
"name": "CVE-2017-15804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
}
],
"initial_release_date": "2021-12-01T00:00:00",
"last_revision_date": "2021-12-02T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-912",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-01T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021.",
"revision_date": "2021-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Qradar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Qradar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520480 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520480"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520472 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520472"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520674"
}
]
}
CVE-2020-1971 (GCVE-0-2020-1971)
Vulnerability from cvelistv5 – Published: 2020-12-08 15:30 – Updated: 2026-05-29 15:40
VLAI
EPSS
Title
EDIPARTYNAME NULL pointer dereference
Summary
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- NULL pointer dereference
- CWE-476 - NULL Pointer Dereference
Assigner
References
26 references
Impacted products
Date Public
2020-12-08 00:00
Credits
David Benjamin (Google)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20201208.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"name": "DSA-4807",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4807"
},
{
"name": "FreeBSD-SA-20:33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
},
{
"name": "FEDORA-2020-ef1870065a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/"
},
{
"name": "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "FEDORA-2020-a31b01e945",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
},
{
"name": "GLSA-202012-13",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-13"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676"
},
{
"name": "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T15:40:23.131860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:40:28.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Benjamin (Google)"
}
],
"datePublic": "2020-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:11.147Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20201208.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"name": "DSA-4807",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4807"
},
{
"name": "FreeBSD-SA-20:33",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
},
{
"name": "FEDORA-2020-ef1870065a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/"
},
{
"name": "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "FEDORA-2020-a31b01e945",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
},
{
"name": "GLSA-202012-13",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202012-13"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676"
},
{
"name": "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "EDIPARTYNAME NULL pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2020-1971",
"datePublished": "2020-12-08T15:30:16.835Z",
"dateReserved": "2019-12-03T00:00:00.000Z",
"dateUpdated": "2026-05-29T15:40:28.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-27777 (GCVE-0-2020-27777)
Vulnerability from cvelistv5 – Published: 2020-12-15 16:57 – Updated: 2024-08-04 16:25
VLAI
EPSS
Summary
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1900844 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/p… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/10/09/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/23/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next\u0026id=bd59380c5ba4147dcbaad3e582b55ccfd120b764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.10-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T16:57:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/10/09/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/23/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next\u0026id=bd59380c5ba4147dcbaad3e582b55ccfd120b764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.10-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900844",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900844"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/10/09/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/10/09/1"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/11/23/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/11/23/2"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next\u0026id=bd59380c5ba4147dcbaad3e582b55ccfd120b764",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next\u0026id=bd59380c5ba4147dcbaad3e582b55ccfd120b764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27777",
"datePublished": "2020-12-15T16:57:45.000Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:25:42.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7226 (GCVE-0-2020-7226)
Vulnerability from cvelistv5 – Published: 2020-01-24 14:17 – Updated: 2024-08-04 09:25
VLAI
EPSS
Summary
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[ws-dev] 20200219 [jira] [Created] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc36b75cabb4d700b48035d15ad8b8c2712bb32123572a1bdaec2510a%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20200219 [ws-wss4j] branch 2_2_x-fixes updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re04e4f8f0d095387fb6b0ff9016a0af8c93f42e1de93b09298bfa547%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20200219 [jira] [Resolved] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfa4647c58e375996e62a9094bffff6dc350ec311ba955b430e738945%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20200219 [ws-wss4j] branch master updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r380781f5b489cb3c818536cd3b3757e806bfe0bca188591e0051ac03%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20200318 [jira] [Closed] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re7f46c4cc29a4616e0aa669c84a0eb34832e83a8eef05189e2e59b44%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r209de85beae4d257d27fc577e3a3e97039bdb4c2dc6f4a8e5a5a5811%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0847c7eb78c8f9e87d5b841fbd5da52b2ad4b4345e04b51c30621d88%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Commented] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2237a27040b57adc2fcc5570bd530ad2038e67fcb2a3ce65283d3143%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Updated] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r77c48cd851f60833df9a9c9c31f12243508e15d1b2a0961066d44fc6%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Comment Edited] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a62133ad01d5f963755021027a4cce23f76b8674a13860d2978c7c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vt-middleware/cryptacular/issues/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apereo/cas/pull/4685"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apereo/cas/commit/8810f2b6c71d73341d4dde6b09a18eb46cfd6d45"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apereo/cas/commit/93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apereo/cas/commit/a042808d6adbbf44753d52c55cac5f533e24101f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with \"new byte\" may depend on untrusted input within the header of encoded data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[ws-dev] 20200219 [jira] [Created] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc36b75cabb4d700b48035d15ad8b8c2712bb32123572a1bdaec2510a%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20200219 [ws-wss4j] branch 2_2_x-fixes updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re04e4f8f0d095387fb6b0ff9016a0af8c93f42e1de93b09298bfa547%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20200219 [jira] [Resolved] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfa4647c58e375996e62a9094bffff6dc350ec311ba955b430e738945%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20200219 [ws-wss4j] branch master updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r380781f5b489cb3c818536cd3b3757e806bfe0bca188591e0051ac03%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20200318 [jira] [Closed] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re7f46c4cc29a4616e0aa669c84a0eb34832e83a8eef05189e2e59b44%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r209de85beae4d257d27fc577e3a3e97039bdb4c2dc6f4a8e5a5a5811%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0847c7eb78c8f9e87d5b841fbd5da52b2ad4b4345e04b51c30621d88%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Commented] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2237a27040b57adc2fcc5570bd530ad2038e67fcb2a3ce65283d3143%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Updated] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r77c48cd851f60833df9a9c9c31f12243508e15d1b2a0961066d44fc6%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Comment Edited] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a62133ad01d5f963755021027a4cce23f76b8674a13860d2978c7c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vt-middleware/cryptacular/issues/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apereo/cas/pull/4685"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apereo/cas/commit/8810f2b6c71d73341d4dde6b09a18eb46cfd6d45"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apereo/cas/commit/93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apereo/cas/commit/a042808d6adbbf44753d52c55cac5f533e24101f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with \"new byte\" may depend on untrusted input within the header of encoded data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[ws-dev] 20200219 [jira] [Created] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc36b75cabb4d700b48035d15ad8b8c2712bb32123572a1bdaec2510a@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20200219 [ws-wss4j] branch 2_2_x-fixes updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re04e4f8f0d095387fb6b0ff9016a0af8c93f42e1de93b09298bfa547@%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20200219 [jira] [Resolved] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfa4647c58e375996e62a9094bffff6dc350ec311ba955b430e738945@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20200219 [ws-wss4j] branch master updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r380781f5b489cb3c818536cd3b3757e806bfe0bca188591e0051ac03@%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20200318 [jira] [Closed] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7f46c4cc29a4616e0aa669c84a0eb34832e83a8eef05189e2e59b44@%3Cdev.ws.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r209de85beae4d257d27fc577e3a3e97039bdb4c2dc6f4a8e5a5a5811@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0847c7eb78c8f9e87d5b841fbd5da52b2ad4b4345e04b51c30621d88@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Commented] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2237a27040b57adc2fcc5570bd530ad2038e67fcb2a3ce65283d3143@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Updated] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r77c48cd851f60833df9a9c9c31f12243508e15d1b2a0961066d44fc6@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210426 [jira] [Comment Edited] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a62133ad01d5f963755021027a4cce23f76b8674a13860d2978c7c8@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153",
"refsource": "MISC",
"url": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153"
},
{
"name": "https://github.com/vt-middleware/cryptacular/issues/52",
"refsource": "MISC",
"url": "https://github.com/vt-middleware/cryptacular/issues/52"
},
{
"name": "https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153",
"refsource": "MISC",
"url": "https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://github.com/apereo/cas/pull/4685",
"refsource": "MISC",
"url": "https://github.com/apereo/cas/pull/4685"
},
{
"name": "https://github.com/apereo/cas/commit/8810f2b6c71d73341d4dde6b09a18eb46cfd6d45",
"refsource": "MISC",
"url": "https://github.com/apereo/cas/commit/8810f2b6c71d73341d4dde6b09a18eb46cfd6d45"
},
{
"name": "https://github.com/apereo/cas/commit/93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75",
"refsource": "MISC",
"url": "https://github.com/apereo/cas/commit/93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75"
},
{
"name": "https://github.com/apereo/cas/commit/a042808d6adbbf44753d52c55cac5f533e24101f",
"refsource": "MISC",
"url": "https://github.com/apereo/cas/commit/a042808d6adbbf44753d52c55cac5f533e24101f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7226",
"datePublished": "2020-01-24T14:17:16.000Z",
"dateReserved": "2020-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:25:48.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9492 (GCVE-0-2020-9492)
Vulnerability from cvelistv5 – Published: 2021-01-26 12:55 – Updated: 2024-08-04 10:26
VLAI
EPSS
Summary
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
Severity
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Apache Hadoop |
Affected:
Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"name": "[announce] 20210125 [CVE-2020-9492] Apache Hadoop Potential privilege escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710%40%3Cannounce.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson opened a new pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210702 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211016 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211015 [jira] [Resolved] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211020 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211022 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hadoop",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:24:22.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"name": "[announce] 20210125 [CVE-2020-9492] Apache Hadoop Potential privilege escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710%40%3Cannounce.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson opened a new pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210702 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211016 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211015 [jira] [Resolved] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211020 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211022 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-9492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hadoop",
"version": {
"version_data": [
{
"version_value": "Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"name": "[announce] 20210125 [CVE-2020-9492] Apache Hadoop Potential privilege escalation",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson opened a new pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210702 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211016 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211015 [jira] [Resolved] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211020 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211022 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-9492",
"datePublished": "2021-01-26T12:55:29.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22555 (GCVE-0-2021-22555)
Vulnerability from cvelistv5 – Published: 2021-07-07 11:20 – Updated: 2025-12-30 20:32
VLAI
EPSS
Title
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
Summary
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
Severity
8.3 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/google/security-research/secur… | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163528/Linux… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021080… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/163878/Kerne… | x_refsource_MISC |
| http://packetstormsecurity.com/files/164155/Kerne… | x_refsource_MISC |
| http://packetstormsecurity.com/files/164437/Netfi… | x_refsource_MISC |
| http://packetstormsecurity.com/files/165477/Kerne… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Linux Kernel |
Affected:
2.6.19-rc1 , < unspecified
(custom)
|
Date Public
2021-07-04 00:00
Credits
Andy Nguyen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210805-0010/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22555",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-04T03:55:24.534831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22555"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T20:32:33.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22555"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux Kernel",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.6.19-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andy Nguyen"
}
],
"datePublic": "2021-07-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-06T19:06:15.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210805-0010/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-07-04T10:00:00.000Z",
"ID": "CVE-2021-22555",
"STATE": "PUBLIC",
"TITLE": "Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.6.19-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andy Nguyen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528",
"refsource": "MISC",
"url": "https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d"
},
{
"name": "http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210805-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210805-0010/"
},
{
"name": "http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html"
},
{
"name": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html"
},
{
"name": "http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html"
},
{
"name": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22555",
"datePublished": "2021-07-07T11:20:10.668Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2025-12-30T20:32:33.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-22696 (GCVE-0-2021-22696)
Vulnerability from cvelistv5 – Published: 2021-04-02 10:05 – Updated: 2025-02-13 16:27
VLAI
EPSS
Title
OAuth 2 authorization service vulnerable to DDos attacks
Summary
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.
Severity
No CVSS data available.
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://cxf.apache.org/security-advisories.data/C… | x_refsource_MISC |
| https://lists.apache.org/thread.html/r8651c06212c… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/04/02/2 | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r8651c06212c… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rec7160382ba… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r6445001cc5f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rfb87e0bf399… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
unspecified , < 3.4.3
(custom)
Affected: unspecified , < 3.3.10 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
},
{
"name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cdev.cxf.apache.org%3E"
},
{
"name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/02/2"
},
{
"name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cusers.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045%40%3Cannounce.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.3.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:32.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
},
{
"name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cdev.cxf.apache.org%3E"
},
{
"name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/02/2"
},
{
"name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cusers.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045%40%3Cannounce.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OAuth 2 authorization service vulnerable to DDos attacks",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-22696",
"STATE": "PUBLIC",
"TITLE": "OAuth 2 authorization service vulnerable to DDos attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.4.3"
},
{
"version_affected": "\u003c",
"version_value": "3.3.10"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc",
"refsource": "MISC",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
},
{
"name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E"
},
{
"name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/02/2"
},
{
"name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-22696",
"datePublished": "2021-04-02T10:05:14.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:45.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27219 (GCVE-0-2021-27219)
Vulnerability from cvelistv5 – Published: 2021-02-15 16:27 – Updated: 2024-08-03 20:40
VLAI
EPSS
Summary
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://gitlab.gnome.org/GNOME/glib/-/issues/2319 | x_refsource_MISC |
| https://lists.apache.org/thread.html/rf9fa47ab664… | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2021031… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202107-13 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210319-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "GLSA-202107-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27219",
"datePublished": "2021-02-15T16:27:38.000Z",
"dateReserved": "2021-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28163 (GCVE-0-2021-28163)
Vulnerability from cvelistv5 – Published: 2021-04-01 14:20 – Updated: 2024-08-03 21:40
VLAI
EPSS
Summary
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
Severity
CWE
Assigner
References
26 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Affected:
9.4.32 , < unspecified
(custom)
Affected: unspecified , ≤ 9.4.38 (custom) Affected: 10.0.0.beta2 , < unspecified (custom) Affected: unspecified , ≤ 10.0.1 (custom) Affected: 11.0.0.beta2 , < unspecified (custom) Affected: unspecified , ≤ 11.0.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "FEDORA-2021-444e38face",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/"
},
{
"name": "FEDORA-2021-35f06984d7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/"
},
{
"name": "FEDORA-2021-fd66b2bd53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.4.32",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.4.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "10.0.0.beta2",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "11.0.0.beta2",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:54:15.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "FEDORA-2021-444e38face",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/"
},
{
"name": "FEDORA-2021-35f06984d7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/"
},
{
"name": "FEDORA-2021-fd66b2bd53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.32"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.38"
},
{
"version_affected": "\u003e=",
"version_value": "10.0.0.beta2"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.1"
},
{
"version_affected": "\u003e=",
"version_value": "11.0.0.beta2"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory."
}
]
},
"impact": {
"cvss": {
"baseScore": 2.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3@%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
},
{
"name": "FEDORA-2021-444e38face",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/"
},
{
"name": "FEDORA-2021-35f06984d7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/"
},
{
"name": "FEDORA-2021-fd66b2bd53",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2021-28163",
"datePublished": "2021-04-01T14:20:13.000Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:40:12.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28165 (GCVE-0-2021-28165)
Vulnerability from cvelistv5 – Published: 2021-04-01 14:20 – Updated: 2025-08-27 20:37
VLAI
EPSS
Summary
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
107 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Affected:
7.2.2 , < unspecified
(custom)
Affected: unspecified , ≤ 9.4.38 (custom) Affected: 10.0.0.alpha0 , < unspecified (custom) Affected: unspecified , ≤ 10.0.1 (custom) Affected: 11.0.0.alpha0 , < unspecified (custom) Affected: unspecified , ≤ 11.0.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E"
},
{
"name": "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165 (#49)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[oss-security] 20210420 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/20/3"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "DSA-4949",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4949"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-28165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T20:37:21.074048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:37:23.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.2.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.4.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "10.0.0.alpha0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "11.0.0.alpha0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-551",
"description": "CWE-551",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:54:20.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E"
},
{
"name": "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165 (#49)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[oss-security] 20210420 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/20/3"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "DSA-4949",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4949"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "7.2.2"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.38"
},
{
"version_affected": "\u003e=",
"version_value": "10.0.0.alpha0"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.1"
},
{
"version_affected": "\u003e=",
"version_value": "11.0.0.alpha0"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-551"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E"
},
{
"name": "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165 (#49)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
},
{
"name": "[oss-security] 20210420 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/20/3"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "DSA-4949",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4949"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2021-28165",
"datePublished": "2021-04-01T14:20:14.000Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2025-08-27T20:37:23.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28169 (GCVE-0-2021-28169)
Vulnerability from cvelistv5 – Published: 2021-06-09 01:55 – Updated: 2024-08-03 21:40
VLAI
EPSS
Summary
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Severity
5.3 (Medium)
CWE
Assigner
References
24 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Affected:
unspecified , ≤ 9.4.40
(custom)
Affected: unspecified , ≤ 10.0.2 (custom) Affected: unspecified , ≤ 11.0.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210617 [SECURITY] [DLA 2688-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00017.html"
},
{
"name": "[kafka-jira] 20210623 [GitHub] [kafka] dongjinleekr opened a new pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210623 [jira] [Created] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r29678972c3f8164b151fd7a5802785d402e530c09870a82ffc7681a4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210623 [jira] [Created] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210704 [GitHub] [kafka] ijuma commented on pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd5b52362f5edf98e0dcab6541a381f571cccc05ad9188e793af688f3%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210704 [GitHub] [kafka] ijuma merged pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210722 [jira] [Updated] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91e34ff61aff8fd25a3f2a21539597c6ef7589a31c199b0a9546477c%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "DSA-4949",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4949"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0009/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "9.4.40",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:54:32.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210617 [SECURITY] [DLA 2688-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00017.html"
},
{
"name": "[kafka-jira] 20210623 [GitHub] [kafka] dongjinleekr opened a new pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210623 [jira] [Created] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r29678972c3f8164b151fd7a5802785d402e530c09870a82ffc7681a4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210623 [jira] [Created] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210704 [GitHub] [kafka] ijuma commented on pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd5b52362f5edf98e0dcab6541a381f571cccc05ad9188e793af688f3%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210704 [GitHub] [kafka] ijuma merged pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210722 [jira] [Updated] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r91e34ff61aff8fd25a3f2a21539597c6ef7589a31c199b0a9546477c%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "DSA-4949",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4949"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0009/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.4.40"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.2"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.2"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210617 [SECURITY] [DLA 2688-1] jetty9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00017.html"
},
{
"name": "[kafka-jira] 20210623 [GitHub] [kafka] dongjinleekr opened a new pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.41",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210623 [jira] [Created] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r29678972c3f8164b151fd7a5802785d402e530c09870a82ffc7681a4@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210623 [jira] [Created] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210704 [GitHub] [kafka] ijuma commented on pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd5b52362f5edf98e0dcab6541a381f571cccc05ad9188e793af688f3@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210704 [GitHub] [kafka] ijuma merged pull request #10919: KAFKA-12985: CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210722 [jira] [Updated] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91e34ff61aff8fd25a3f2a21539597c6ef7589a31c199b0a9546477c@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25@%3Cjira.kafka.apache.org%3E"
},
{
"name": "DSA-4949",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4949"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0009/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2021-28169",
"datePublished": "2021-06-09T01:55:09.000Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:40:12.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…