VYPR
Low severityNVD Advisory· Published Apr 1, 2021· Updated Aug 3, 2024

CVE-2021-28163

CVE-2021-28163

Description

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.eclipse.jetty:jetty-deployMaven
>= 9.4.32, < 9.4.399.4.39
org.eclipse.jetty:jetty-deployMaven
>= 10.0.0, < 10.0.210.0.2
org.eclipse.jetty:jetty-deployMaven
>= 11.0.0, < 11.0.211.0.2

Affected products

7

Patches

Vulnerability mechanics

References

50

News mentions

0

No linked articles in our index yet.