Moderate severityNVD Advisory· Published Oct 14, 2024· Updated Nov 3, 2025
Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
CVE-2024-8184
Description
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.eclipse.jetty:jetty-serverMaven | >= 12.0.0, < 12.0.9 | 12.0.9 |
org.eclipse.jetty:jetty-serverMaven | >= 10.0.0, < 10.0.24 | 10.0.24 |
org.eclipse.jetty:jetty-serverMaven | >= 11.0.0, < 11.0.24 | 11.0.24 |
org.eclipse.jetty:jetty-serverMaven | >= 9.3.12, < 9.4.56 | 9.4.56 |
Affected products
129- osv-coords128 versionspkg:apk/chainguard/apache-hoppkg:apk/chainguard/apache-hop-fipspkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-compatpkg:apk/chainguard/apache-nifi-toolkitpkg:apk/chainguard/apache-tika-2.9pkg:apk/chainguard/apache-tika-2.9-compatpkg:apk/chainguard/cassandra-reaperpkg:apk/chainguard/cassandra-reaper-jre-bcfipspkg:apk/chainguard/cloudwatch-exporterpkg:apk/chainguard/confluent-kafkapkg:apk/chainguard/confluent-kafka-jre-bcfipspkg:apk/chainguard/druidpkg:apk/chainguard/druid-compatpkg:apk/chainguard/jenkins-2.452pkg:apk/chainguard/jenkins-2.462pkg:apk/chainguard/kafka-3.7pkg:apk/chainguard/kafka-3.8pkg:apk/chainguard/kafka-bitnami-compat-3.7pkg:apk/chainguard/kafka_exporter-strimzi-compatpkg:apk/chainguard/kafka-jre-bcfipspkg:apk/chainguard/kafka-strimzi-compatpkg:apk/chainguard/neo4jpkg:apk/chainguard/neo4j-oci-entrypointpkg:apk/chainguard/prometheus-jmx-exporter-strimzi-compatpkg:apk/chainguard/solrpkg:apk/chainguard/solr-oci-compatpkg:apk/chainguard/spark-3.4pkg:apk/chainguard/spark-3.4-bitnami-compatpkg:apk/chainguard/spark-3.4-compatpkg:apk/chainguard/spark-3.4-minimalpkg:apk/chainguard/spark-3.4-minimal-openjdk-11pkg:apk/chainguard/spark-3.4-minimal-openjdk-17pkg:apk/chainguard/spark-3.4-minimal-openjdk-8pkg:apk/chainguard/spark-3.4-openjdk-11pkg:apk/chainguard/spark-3.4-openjdk-17pkg:apk/chainguard/spark-3.4-openjdk-8pkg:apk/chainguard/spark-3.5pkg:apk/chainguard/spark-3.5-bitnami-compatpkg:apk/chainguard/spark-3.5-compatpkg:apk/chainguard/spark-3.5-minimal-openjdk-11pkg:apk/chainguard/spark-3.5-minimal-openjdk-17pkg:apk/chainguard/spark-3.5-minimal-openjdk-8pkg:apk/chainguard/spark-3.5-openjdk-11pkg:apk/chainguard/spark-3.5-openjdk-17pkg:apk/chainguard/spark-3.5-openjdk-8pkg:apk/chainguard/spark-3.5-scala-2.12pkg:apk/chainguard/spark-3.5-scala-2.12-compatpkg:apk/chainguard/spark-3.5-scala-2.12-iamguarded-compatpkg:apk/chainguard/spark-3.5-scala-2.13pkg:apk/chainguard/spark-3.5-scala-2.13-compatpkg:apk/chainguard/strimzi-kafka-operatorpkg:apk/chainguard/strimzi-kafka-operator-cluster-operatorpkg:apk/chainguard/strimzi-kafka-operator-kafka-agentpkg:apk/chainguard/strimzi-kafka-operator-kafka-agent-3pkg:apk/chainguard/strimzi-kafka-operator-kafka-basepkg:apk/chainguard/strimzi-kafka-operator-kafka-initpkg:apk/chainguard/strimzi-kafka-operator-kafka-thirdparty-libspkg:apk/chainguard/strimzi-kafka-operator-kafka-thirdparty-libs-ccpkg:apk/chainguard/strimzi-kafka-operator-mirror-maker-agentpkg:apk/chainguard/strimzi-kafka-operator-topic-operatorpkg:apk/chainguard/strimzi-kafka-operator-tracing-agentpkg:apk/chainguard/strimzi-kafka-operator-user-operatorpkg:apk/chainguard/webswingpkg:apk/chainguard/zookeeper-3.8pkg:apk/chainguard/zookeeper-3.8-compatpkg:apk/chainguard/zookeeper-3.8-iamguarded-compatpkg:apk/chainguard/zookeeper-3.9pkg:apk/chainguard/zookeeper-3.9-iamguarded-compatpkg:apk/chainguard/zookeeper-bitnami-3.8-compatpkg:apk/chainguard/zookeeper-bitnami-3.9-compatpkg:apk/chainguard/zookeeper-fips-3.9pkg:apk/chainguard/zookeeper-fips-3.9-policy-140-2pkg:apk/chainguard/zookeeper-fips-3.9-policy-140-3pkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-compatpkg:apk/wolfi/apache-nifi-toolkitpkg:apk/wolfi/cassandra-reaperpkg:apk/wolfi/cloudwatch-exporterpkg:apk/wolfi/confluent-kafkapkg:apk/wolfi/druidpkg:apk/wolfi/druid-compatpkg:apk/wolfi/kafka-3.8pkg:apk/wolfi/kafka_exporter-strimzi-compatpkg:apk/wolfi/kafka-strimzi-compatpkg:apk/wolfi/neo4jpkg:apk/wolfi/neo4j-oci-entrypointpkg:apk/wolfi/prometheus-jmx-exporter-strimzi-compatpkg:apk/wolfi/solrpkg:apk/wolfi/solr-oci-compatpkg:apk/wolfi/spark-3.5pkg:apk/wolfi/spark-3.5-bitnami-compatpkg:apk/wolfi/spark-3.5-compatpkg:apk/wolfi/spark-3.5-minimal-openjdk-11pkg:apk/wolfi/spark-3.5-minimal-openjdk-17pkg:apk/wolfi/spark-3.5-minimal-openjdk-8pkg:apk/wolfi/spark-3.5-openjdk-11pkg:apk/wolfi/spark-3.5-openjdk-17pkg:apk/wolfi/spark-3.5-openjdk-8pkg:apk/wolfi/spark-3.5-scala-2.12pkg:apk/wolfi/spark-3.5-scala-2.12-compatpkg:apk/wolfi/spark-3.5-scala-2.12-iamguarded-compatpkg:apk/wolfi/spark-3.5-scala-2.13pkg:apk/wolfi/spark-3.5-scala-2.13-compatpkg:apk/wolfi/strimzi-kafka-operatorpkg:apk/wolfi/strimzi-kafka-operator-cluster-operatorpkg:apk/wolfi/strimzi-kafka-operator-kafka-agentpkg:apk/wolfi/strimzi-kafka-operator-kafka-agent-3pkg:apk/wolfi/strimzi-kafka-operator-kafka-basepkg:apk/wolfi/strimzi-kafka-operator-kafka-initpkg:apk/wolfi/strimzi-kafka-operator-kafka-thirdparty-libspkg:apk/wolfi/strimzi-kafka-operator-kafka-thirdparty-libs-ccpkg:apk/wolfi/strimzi-kafka-operator-mirror-maker-agentpkg:apk/wolfi/strimzi-kafka-operator-topic-operatorpkg:apk/wolfi/strimzi-kafka-operator-tracing-agentpkg:apk/wolfi/strimzi-kafka-operator-user-operatorpkg:apk/wolfi/zookeeper-3.8pkg:apk/wolfi/zookeeper-3.9pkg:apk/wolfi/zookeeper-3.9-iamguarded-compatpkg:apk/wolfi/zookeeper-bitnami-3.8-compatpkg:apk/wolfi/zookeeper-bitnami-3.9-compatpkg:maven/org.eclipse.jetty/jetty-serverpkg:rpm/opensuse/jetty-minimal&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/jetty-minimal&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/jetty-minimal&distro=openSUSE%20Tumbleweedpkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 2.16.0-r0+ 127 more
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 3.7.1-r1
- (no CPE)range: < 0.16.0-r1
- (no CPE)range: < 8.0.0.29-r0
- (no CPE)range: < 8.0.0.41-r0
- (no CPE)range: < 31.0.0-r1
- (no CPE)range: < 31.0.0-r1
- (no CPE)range: < 2.452.4-r4
- (no CPE)range: < 2.462.3-r0
- (no CPE)range: < 3.7.1-r2
- (no CPE)range: < 3.8.1-r46
- (no CPE)range: < 3.7.1-r2
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 3.8.0-r3
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 5.25.1-r0
- (no CPE)range: < 5.25.1-r0
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 9.7.0-r1
- (no CPE)range: < 9.7.0-r1
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.4.4-r0
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 24.2.2-r1
- (no CPE)range: < 3.8.4-r1
- (no CPE)range: < 3.8.4-r0
- (no CPE)range: < 3.8.4.0-r6
- (no CPE)range: < 3.9.3-r0
- (no CPE)range: < 3.9.3-r0
- (no CPE)range: < 3.8.4.0-r6
- (no CPE)range: < 3.9.3-r0
- (no CPE)range: < 3.9.3.1-r1
- (no CPE)range: < 3.9.3.1-r1
- (no CPE)range: < 3.9.3.1-r1
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 0.16.0-r1
- (no CPE)range: < 8.0.0.29-r0
- (no CPE)range: < 31.0.0-r1
- (no CPE)range: < 31.0.0-r1
- (no CPE)range: < 3.8.1-r46
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 5.25.1-r0
- (no CPE)range: < 5.25.1-r0
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 9.7.0-r1
- (no CPE)range: < 9.7.0-r1
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.3-r4
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 3.5.7-r2
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 0.45.0-r1
- (no CPE)range: < 3.8.4.0-r6
- (no CPE)range: < 3.9.3-r0
- (no CPE)range: < 3.9.3-r0
- (no CPE)range: < 3.8.4.0-r6
- (no CPE)range: < 3.9.3-r0
- (no CPE)range: >= 12.0.0, < 12.0.9
- (no CPE)range: < 9.4.56-150200.3.28.1
- (no CPE)range: < 9.4.56-150200.3.28.1
- (no CPE)range: < 9.4.56-2.1
- (no CPE)range: < 9.4.56-150200.3.28.1
- (no CPE)range: < 9.4.56-150200.3.28.1
- (no CPE)range: < 9.4.56-150200.3.28.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-g8m5-722r-8whqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8184ghsaADVISORY
- github.com/jetty/jetty.project/pull/11723ghsaWEB
- github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whqghsaWEB
- gitlab.eclipse.org/security/cve-assignement/-/issues/30ghsaWEB
- lists.debian.org/debian-lts-announce/2025/04/msg00001.htmlghsaWEB
News mentions
0No linked articles in our index yet.