VYPR

Maven package

org.eclipse.jetty/jetty-http

pkg:maven/org.eclipse.jetty/jetty-http

Vulnerabilities (4)

  • CVE-2025-11143 (Mar 5, 2026)
    affected >= 9.4.0, <= 9.4.58

    The Jetty URI parser has some key differences from other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in a security bypass. For example a component that enforces a black list may interpret the UR

  • CVE-2024-6763 (Oct 14, 2024)
    affected >= 7.0.0, < 12.0.12; fixed 12.0.12

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro

  • CVE-2023-40167 (Sep 15, 2023)
    affected >= 9.0.0, < 9.4.52; fixed 9.4.52

    Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely

  • CVE-2022-2047 (Jul 7, 2022)
    affected < 9.4.47; fixed 9.4.47

    In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenar