Maven package
org.eclipse.jetty.ee9/jetty-ee9-jaspi
pkg:maven/org.eclipse.jetty.ee9/jetty-ee9-jaspi
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5795 | High | 7.4 | | >= 12.1.0, < 12.1.8 | 12.1.8 | Apr 8, 2026 | In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. |