VYPR
Low severity · NVD Advisory · Published Mar 5, 2026 · Updated Mar 5, 2026

CVE-2025-11143

Description

The Jetty URI parser differs in some key ways from other common parsers when evaluating invalid or unusual URIs. In systems built from multiple components, differential parsing of URIs may result in a security bypass. For example, a component that enforces a black list may interpret a URI differently from the component that generates the response. At the very least, differential parsing may divulge implementation details.
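
An added example, not part of the advisory and not Jetty's code: a Python sketch of a fail-closed gate that accepts a request path only when it is already in the form a lenient decoder would resolve it to, so a deny list and the component that generates the response cannot disagree about it. The `/admin` rule, the function names and the sample paths are constructed, and `resolved_path` is an assumed model of a lenient parser rather than Jetty's behaviour.

```python
from urllib.parse import quote, unquote

DENY_PREFIXES = ("/admin",)   # hypothetical deny rule for this illustration
SAFE = "/!$&'()*+,=:@"        # path characters RFC 3986 allows unencoded (";" excluded)


def resolved_path(raw_path: str) -> str:
    """Assumed model of a lenient backend (not Jetty's parser): percent-decode,
    drop ";parameters", collapse empty segments and resolve dot segments."""
    decoded = unquote(raw_path)
    out = []
    for seg in decoded.split("/"):
        seg = seg.split(";", 1)[0]
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    path = "/" + "/".join(out)
    return path + "/" if out and decoded.endswith("/") else path


def is_canonical(raw_path: str) -> bool:
    """True only if re-encoding the resolved path reproduces the raw path,
    i.e. decoding and normalisation would change nothing."""
    resolved = resolved_path(raw_path)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in resolved):
        return False  # control characters are never accepted
    return raw_path == quote(resolved, safe=SAFE)


def is_denied(path: str) -> bool:
    return any(path == p or path.startswith(p + "/") for p in DENY_PREFIXES)


def decide(raw_path: str) -> str:
    """Reject ambiguous paths first, then apply the deny list to the single
    remaining interpretation."""
    if not is_canonical(raw_path):
        return "reject"  # answer 400 instead of guessing
    return "deny" if is_denied(resolved_path(raw_path)) else "allow"


if __name__ == "__main__":
    # Constructed sample paths
    for p in ("/public/index.html", "/admin/users", "/public/../admin/users",
              "/%61dmin/users", "/admin;v=1/users", "/files/a%20b.txt"):
        print(f"{p!r:32} -> {decide(p)}")
```

The gate is strict by design: it also rejects harmless but non-canonical inputs such as lowercase percent-escapes, which is the price of never letting two components pick different readings.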

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.eclipse.jetty:jetty-http (Maven) | >= 9.4.0, <= 9.4.58 | |
| org.eclipse.jetty:jetty-http (Maven) | >= 10.0.0, <= 10.0.26 | |
| org.eclipse.jetty:jetty-http (Maven) | >= 11.0.0, <= 11.0.26 | |
| org.eclipse.jetty:jetty-http (Maven) | >= 12.0.0, < 12.0.31 | 12.0.31 |
| org.eclipse.jetty:jetty-http (Maven) | >= 12.1.0, < 12.1.5 | 12.1.5 |

Affected products

63
