Maven package
org.eclipse.jetty.http2/http2-server
pkg:maven/org.eclipse.jetty.http2/http2-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | High | 7.5 | KEV | >= 9.3.0, < 9.4.53 | 9.4.53 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2022-2048 | — | | | < 9.4.47 | 9.4.47 | Jul 7, 2022 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no eno |