Jersey
by Jersey
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12383 | 0.00 | — | 0.00 | Nov 18, 2025 | In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC) | |||
| CVE-2014-3643 | 0.00 | — | 0.00 | Dec 15, 2019 | jersey: XXE via parameter entities not disabled by the jersey SAX parser |
- CVE-2025-12383Nov 18, 2025risk 0.00cvss —epss 0.00
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)
- CVE-2014-3643Dec 15, 2019risk 0.00cvss —epss 0.00
jersey: XXE via parameter entities not disabled by the jersey SAX parser