Eclipse Jetty URI Parsing Vulnerability Leading to Security Bypass

Vulnerability

The Jetty URI parser handles invalid or unusual URIs differently from other common parsers. When a request passes through several components before it reaches Jetty (a reverse proxy, a web application firewall, or a filter in front of the application), each component parses the URI on its own, so a component that makes a security decision on its interpretation of the URI can be undermined when Jetty resolves the same URI to a different resource. For instance, a component enforcing a deny-list on the path as it sees it may let a request through that Jetty then routes to a path the deny-list was meant to block. The same parsing inconsistency can also reveal sensitive implementation details.
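The bypass mechanism described above, as an added illustration: this is not Jetty's code and does not reproduce the specific URI handling behind this advisory (which the page does not detail), only the general parser-differential pattern. A naive deny-list applied to the raw request path stands beside a back-end that canonicalizes before routing, a scan finds the inputs the two disagree on, and a hardened check rejects ambiguous encodings and decides on the canonical form. The deny-list prefix, the canonicalization rules and the sample request paths are constructed for the demo and are assumptions, not taken from the page.

```python
from urllib.parse import unquote

# Constructed deny-list for the demo: the front-end is meant to keep
# unauthenticated traffic away from anything under /admin.
DENY_PREFIXES = ("/admin",)


def naive_filter_allows(raw_path: str) -> bool:
    """Front-end style decision made on the raw, undecoded request path."""
    return not raw_path.startswith(DENY_PREFIXES)


def backend_canonical_path(raw_path: str) -> str:
    """Back-end style canonicalization (hypothetical, constructed for the demo):
    percent-decode, then drop empty and '.' segments and resolve '..'.
    Lenient resolution of this kind is exactly what the front-end check never sees."""
    decoded = unquote(raw_path)
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def find_bypasses(raw_paths):
    """Return the paths the front-end lets through but the back-end routes
    to a denied resource: the parser differential the advisory warns about."""
    return [
        p for p in raw_paths
        if naive_filter_allows(p)
        and backend_canonical_path(p).startswith(DENY_PREFIXES)
    ]


def hardened_allows(raw_path: str) -> bool:
    """Hardened decision: refuse ambiguous encodings outright (encoded
    separators, dots or percent signs; dot or empty segments), then decide
    on the same canonical form the back-end will route on."""
    lowered = raw_path.lower()
    if any(tok in lowered for tok in ("%2f", "%5c", "%2e", "%25")):
        return False
    if "//" in raw_path or "/./" in raw_path or "/../" in raw_path:
        return False
    if raw_path.endswith(("/.", "/..")):
        return False
    return not backend_canonical_path(raw_path).startswith(DENY_PREFIXES)


# Constructed sample requests: the first two are ordinary, the rest probe
# the differential between the two parsers.
CONSTRUCTED_REQUESTS = [
    "/admin/users",
    "/public/index.html",
    "/public/..%2fadmin/users",
    "/public/../admin/users",
    "/%61dmin/users",
    "//admin/users",
    "/admin%2fusers",
]

if __name__ == "__main__":
    for p in CONSTRUCTED_REQUESTS:
        print(f"{p:28} naive={naive_filter_allows(p)!s:5} "
              f"canonical={backend_canonical_path(p):20} hardened={hardened_allows(p)}")
    print("bypasses:", find_bypasses(CONSTRUCTED_REQUESTS))
```

The design point is that the security decision must be taken on the representation the back-end actually routes on, and that inputs which could be read two ways are rejected rather than guessed at. Jetty exposes a comparable control of its own, the UriCompliance setting on HttpConfiguration, which rejects ambiguous path segments, separators and encodings; that setting does not replace the upgrade in the Remediation section.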

Impact

An attacker who can craft URIs that the components in front of Jetty and Jetty itself parse differently may bypass the front-end's security controls, potentially gaining unauthorized access to data or manipulating it. The inconsistency may also disclose implementation details that can be leveraged in a further attack.

Remediation

Upgrade to Jetty 12.0.31 (for the 12.0.x line) or 12.1.5 (for the 12.1.x line); both are available on Maven Central. For Jetty 11.0.x, 10.0.x and 9.4.x, patches are available only through the commercial extended-support vendors TuxCare and HeroDevs.

Added: Mar 5, 2026, 10:18 AM
Updated: Mar 5, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.