VYPR

Maven package

org.eclipse.jetty.http2/http2-common

pkg:maven/org.eclipse.jetty.http2/http2-common

Vulnerabilities (3)

  • CVE-2025-5115Aug 20, 2025
    affected >= 9.3.0, < 9.4.58fixed 9.4.58

    In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing th

  • CVE-2024-22201Feb 26, 2024
    affected >= 9.3.0, < 9.4.54fixed 9.4.54

    Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing

  • CVE-2023-44487HigKEVOct 10, 2023
    affected >= 9.3.0, < 9.4.53fixed 9.4.53

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.