VYPR

Maven package

org.eclipse.jetty/jetty-openid

pkg:maven/org.eclipse.jetty/jetty-openid

Vulnerabilities (1)

  • CVE-2023-41900Sep 15, 2023
    affected >= 9.4.21, < 9.4.52.v20230823fixed 9.4.52.v20230823

    Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti