This repository has been archived by the owner on Jun 16, 2023. It is now read-only.
CVE-2021-28165 (High) detected in multiple libraries #17
Labels: Mend: dependency security vulnerability; Security vulnerability detected by WhiteSource
CVE-2021-28165 - High Severity Vulnerability
jetty-io-9.3.28.v20191105.jar
Administrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.3.28.v20191105/b665bdb9260b8bda2386a4bf5392cfdf23b34934/jetty-io-9.3.28.v20191105.jar
Dependency Hierarchy:
jetty-io-7.6.21.v20160908.jar
Administrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/7.6.21.v20160908/805aed9195ed0624818bc1a8e272935d4b40b2b9/jetty-io-7.6.21.v20160908.jar
Dependency Hierarchy:
jetty-io-9.4.24.v20191120.jar
The Eclipse Jetty Project
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.4.24.v20191120/dcb6d4d505ef74898e3a64a38c40195c01e97119/jetty-io-9.4.24.v20191120.jar
Dependency Hierarchy:
jetty-io-8.1.22.v20160922.jar
Administrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/8.1.22.v20160922/ad2e825955ad61c7d8812965980a7c3665971e04/jetty-io-8.1.22.v20160922.jar
Dependency Hierarchy:
jetty-io-9.2.26.v20180806.jar
Administrative parent pom for Jetty modules
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-io/9.2.26.v20180806/93b0d12f4c79770c6e13fe7699ae8f72775adc9e/jetty-io-9.2.26.v20180806.jar
Dependency Hierarchy:
Found in HEAD commit: 4cb9afca7b4ab356e0863ec7515cb10a779ea02d
Found in base branch: master
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Publish Date: 2021-04-01
URL: CVE-2021-28165
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-26vr-8j45-3r4w
Release Date: 2021-04-01
Fix Resolution (org.eclipse.jetty:jetty-io): 9.4.39.v20210325
Direct dependency fix Resolution (org.gretty:gretty-runner-jetty9): 3.0.6