VYPR
Medium severity5.2NVD Advisory· Published Feb 26, 2021· Updated Jun 17, 2026

CVE-2020-27223

CVE-2020-27223

Description

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.eclipse.jetty:jetty-serverMaven
>= 9.4.6, < 9.4.379.4.37
org.eclipse.jetty:jetty-serverMaven
>= 10.0.0, < 10.0.110.0.1
org.eclipse.jetty:jetty-serverMaven
>= 11.0.0, < 11.0.111.0.1

Affected products

6

Patches

Vulnerability mechanics

References

130

News mentions

0

No linked articles in our index yet.