VYPR

Maven package

org.eclipse.jetty.ee10/jetty-ee10-jaspi

pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-jaspi

Vulnerabilities (1)

  • CVE-2026-5795HigApr 8, 2026
    affected >= 12.1.0, < 12.1.8fixed 12.1.8

    In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.