{"containers": {"cna": {"affected": [{"product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "9.4.6.v20170531", "versionType": "custom"}, {"lessThanOrEqual": "9.4.36.v20210114", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "10.0.0"}, {"status": "affected", "version": "11.0.0"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-13T18:06:11", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"}, {"name": "[karaf-user] 20210301 Re: Jetty security defect", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea%40%3Cuser.karaf.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c%40%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b%40%3Cjira.kafka.apache.org%3E"}, {"name": "[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43%40%3Ccommits.druid.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a%40%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c%40%3Ccommits.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e%40%3Ccommits.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c%40%3Ccommits.kafka.apache.org%3E"}, {"name": "[activemq-gitbox] 20210303 [GitHub] [activemq] ehossack-aws opened a new pull request #616: Upgrade to Jetty 9.4.38.v20210224", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc%40%3Cgitbox.activemq.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210307 [jira] [Updated] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-dev] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522%40%3Cdev.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] arshadmohammad commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210310 [GitHub] [zookeeper] asfgit closed pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210310 [jira] [Resolved] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7.0 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch master updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[solr-users] 20210310 Does CVE-2020-27223 impact Solr 8.6.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320%40%3Cusers.solr.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Created] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7%40%3Cissues.nifi.apache.org%3E"}, {"name": "[lucene-dev] 20210310 Does CVE-2020-27223 impact Solr 8.6.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243%40%3Cdev.lucene.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Resolved] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f%40%3Cissues.nifi.apache.org%3E"}, {"name": "[lucene-dev] 20210310 Re: Does CVE-2020-27223 impact Solr 8.6.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080%40%3Cdev.lucene.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Commented] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb%40%3Cissues.nifi.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1%40%3Cdev.kafka.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614%40%3Cdev.kafka.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Assigned] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] xkrogen opened a new pull request #31846: [SPARK-34752] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] AmplabJenkins commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Commented] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Created] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Resolved] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon closed pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210316 [GitHub] [spark] xkrogen commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8%40%3Creviews.spark.apache.org%3E"}, {"name": "[solr-issues] 20210407 [jira] [Created] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78%40%3Cissues.solr.apache.org%3E"}, {"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211%40%3Cissues.solr.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210401-0005/"}, {"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f%40%3Cissues.solr.apache.org%3E"}, {"name": "DSA-4949", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4949"}, {"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r65c714241b9d064a44fec10d60ebf5a37d5ebadd6bf88b0eed13ade0%40%3Cissues.solr.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2020-27223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Jetty", "version": {"version_data": [{"version_affected": ">=", "version_value": "9.4.6.v20170531"}, {"version_affected": "<=", "version_value": "9.4.36.v20210114"}, {"version_affected": "=", "version_value": "10.0.0"}, {"version_affected": "=", "version_value": "11.0.0"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values."}]}, "impact": {"cvss": {"baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-407: Inefficient Algorithmic Complexity"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128"}, {"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7", "refsource": "CONFIRM", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"}, {"name": "[karaf-user] 20210301 Re: Jetty security defect", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea@%3Cuser.karaf.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c@%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b@%3Cjira.kafka.apache.org%3E"}, {"name": "[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43@%3Ccommits.druid.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a@%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c@%3Ccommits.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e@%3Ccommits.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c@%3Ccommits.kafka.apache.org%3E"}, {"name": "[activemq-gitbox] 20210303 [GitHub] [activemq] ehossack-aws opened a new pull request #616: Upgrade to Jetty 9.4.38.v20210224", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc@%3Cgitbox.activemq.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210307 [jira] [Updated] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-dev] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522@%3Cdev.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d@%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176@%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] arshadmohammad commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a@%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210310 [GitHub] [zookeeper] asfgit closed pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210310 [jira] [Resolved] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7.0 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428@%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch master updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8@%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[solr-users] 20210310 Does CVE-2020-27223 impact Solr 8.6.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320@%3Cusers.solr.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Created] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7@%3Cissues.nifi.apache.org%3E"}, {"name": "[lucene-dev] 20210310 Does CVE-2020-27223 impact Solr 8.6.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243@%3Cdev.lucene.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Resolved] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f@%3Cissues.nifi.apache.org%3E"}, {"name": "[lucene-dev] 20210310 Re: Does CVE-2020-27223 impact Solr 8.6.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080@%3Cdev.lucene.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Commented] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb@%3Cissues.nifi.apache.org%3E"}, {"name": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E"}, {"name": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Assigned] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182@%3Cissues.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] xkrogen opened a new pull request #31846: [SPARK-34752] Bump Jetty to 9.4.37 to address CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502@%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] AmplabJenkins commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e@%3Creviews.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9@%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Commented] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61@%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Created] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463@%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283@%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Resolved] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a@%3Cissues.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2@%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon closed pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3@%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210316 [GitHub] [spark] xkrogen commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8@%3Creviews.spark.apache.org%3E"}, {"name": "[solr-issues] 20210407 [jira] [Created] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78@%3Cissues.solr.apache.org%3E"}, {"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211@%3Cissues.solr.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210401-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210401-0005/"}, {"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f@%3Cissues.solr.apache.org%3E"}, {"name": "DSA-4949", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4949"}, {"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r65c714241b9d064a44fec10d60ebf5a37d5ebadd6bf88b0eed13ade0@%3Cissues.solr.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:36.050Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"}, {"name": "[karaf-user] 20210301 Re: Jetty security defect", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea%40%3Cuser.karaf.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c%40%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b%40%3Cjira.kafka.apache.org%3E"}, {"name": "[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43%40%3Ccommits.druid.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a%40%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c%40%3Ccommits.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e%40%3Ccommits.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c%40%3Ccommits.kafka.apache.org%3E"}, {"name": "[activemq-gitbox] 20210303 [GitHub] [activemq] ehossack-aws opened a new pull request #616: Upgrade to Jetty 9.4.38.v20210224", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc%40%3Cgitbox.activemq.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210307 [jira] [Updated] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-dev] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522%40%3Cdev.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] arshadmohammad commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20210310 [GitHub] [zookeeper] asfgit closed pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20210310 [jira] [Resolved] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7.0 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[zookeeper-commits] 20210310 [zookeeper] branch master updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8%40%3Ccommits.zookeeper.apache.org%3E"}, {"name": "[solr-users] 20210310 Does CVE-2020-27223 impact Solr 8.6.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320%40%3Cusers.solr.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Created] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7%40%3Cissues.nifi.apache.org%3E"}, {"name": "[lucene-dev] 20210310 Does CVE-2020-27223 impact Solr 8.6.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243%40%3Cdev.lucene.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Resolved] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f%40%3Cissues.nifi.apache.org%3E"}, {"name": "[lucene-dev] 20210310 Re: Does CVE-2020-27223 impact Solr 8.6.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080%40%3Cdev.lucene.apache.org%3E"}, {"name": "[nifi-issues] 20210310 [jira] [Commented] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb%40%3Cissues.nifi.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1%40%3Cdev.kafka.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614%40%3Cdev.kafka.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Assigned] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] xkrogen opened a new pull request #31846: [SPARK-34752] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] AmplabJenkins commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Commented] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Created] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-issues] 20210315 [jira] [Resolved] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a%40%3Cissues.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon closed pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3%40%3Creviews.spark.apache.org%3E"}, {"name": "[spark-reviews] 20210316 [GitHub] [spark] xkrogen commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8%40%3Creviews.spark.apache.org%3E"}, {"name": "[solr-issues] 20210407 [jira] [Created] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78%40%3Cissues.solr.apache.org%3E"}, {"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211%40%3Cissues.solr.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210401-0005/"}, {"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f%40%3Cissues.solr.apache.org%3E"}, {"name": "DSA-4949", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4949"}, {"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r65c714241b9d064a44fec10d60ebf5a37d5ebadd6bf88b0eed13ade0%40%3Cissues.solr.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2020-27223", "datePublished": "2021-02-26T21:55:13", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2024-08-04T16:11:36.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "F30DCAA9-4998-4E2F-9341-8E0F1752CB92", "versionEndExcluding": "9.4.36", "versionStartIncluding": "9.4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "matchCriteriaId": "16872138-6AF5-418F-998F-1220DA602AE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "matchCriteriaId": "3211336E-0EE6-4676-AEFA-A778176C0ECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.36:-:*:*:*:*:*:*", "matchCriteriaId": "23BC90F3-4107-46B6-8135-42374512EDDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.36:20210114:*:*:*:*:*:*", "matchCriteriaId": "F8B77C51-6991-4C6B-9112-AC87B0E9D530", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:10.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "5737CF3E-AA46-45DD-801A-E22ACCDB00CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "52F4E0D3-9709-4073-9DE0-F36CDD3DB62F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:nifi:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "12AA1D39-F2E2-48E7-9D9F-49F5E52F29B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:spark:3.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "16A8F28D-5F62-4F99-9292-20E039E0756B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:8.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "42672AEA-5920-4951-ADCF-5D5AA4AB4A77", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*", "matchCriteriaId": "D0AFFDC9-8EBA-45A2-AD53-18E663AF4631", "versionEndExcluding": "20.4.3.050.1904", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values."}, {"lang": "es", "value": "En Eclipse Jetty versiones 9.4.6.v20170531 hasta 9.4.36.v20210114 (inclusive), versiones 10.0.0 y 11.0.0, cuando Jetty maneja una petici\u00f3n que contiene m\u00faltiples encabezados Accept con una gran cantidad de par\u00e1metros \u201cquality\u201d (es decir, q), el servidor puede entrar en un estado de denegaci\u00f3n de servicio (DoS) debido al alto uso de CPU procesando esos valores de calidad, resultando en minutos de tiempo de CPU agotados procesando esos valores de calidad"}], "id": "CVE-2020-27223", "lastModified": "2023-11-07T03:20:55.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "emo@eclipse.org", "type": "Secondary"}]}, "published": "2021-02-26T22:15:19.317", "references": [{"source": "emo@eclipse.org", "tags": ["Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78%40%3Cissues.solr.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320%40%3Cusers.solr.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428%40%3Ccommits.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc%40%3Cgitbox.activemq.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463%40%3Cissues.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3%40%3Creviews.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f%40%3Cissues.nifi.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283%40%3Cissues.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8%40%3Creviews.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c%40%3Cdev.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1%40%3Cdev.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb%40%3Cissues.nifi.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9%40%3Cissues.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7%40%3Cissues.nifi.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61%40%3Cissues.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea%40%3Cuser.karaf.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522%40%3Cdev.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182%40%3Cissues.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r65c714241b9d064a44fec10d60ebf5a37d5ebadd6bf88b0eed13ade0%40%3Cissues.solr.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d%40%3Ccommits.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176%40%3Ccommits.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243%40%3Cdev.lucene.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211%40%3Cissues.solr.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8%40%3Ccommits.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e%40%3Creviews.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e%40%3Ccommits.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a%40%3Cdev.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43%40%3Ccommits.druid.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a%40%3Cissues.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502%40%3Creviews.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a%40%3Ccommits.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614%40%3Cdev.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080%40%3Cdev.lucene.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c%40%3Ccommits.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2%40%3Creviews.spark.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f%40%3Cissues.solr.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c%40%3Ccommits.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210401-0005/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4949"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-407"}], "source": "emo@eclipse.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2689", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "jetty", "product_name": "Red Hat AMQ 7.8.2", "release_date": "2021-07-12T00:00:00Z"}, {"advisory": "RHSA-2021:3700", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "jetty", "product_name": "Red Hat AMQ 7.9.0", "release_date": "2021-09-30T00:00:00Z"}, {"advisory": "RHSA-2021:5134", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "jetty", "product_name": "Red Hat Fuse 7.10", "release_date": "2021-12-14T00:00:00Z"}, {"advisory": "RHSA-2021:4767", "cpe": "cpe:/a:redhat:camel_quarkus:2.2", "impact": "low", "package": "jetty", "product_name": "Red Hat Integration Camel Quarkus", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-operator-bundle:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2517", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-0:2.289.1.1624365627-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2021-06-30T00:00:00Z"}, {"advisory": "RHSA-2021:2431", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "jenkins-0:2.277.3.1623846768-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2021-07-02T00:00:00Z"}, {"advisory": "RHSA-2021:2499", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "jenkins-0:2.277.3.1623853726-1.el8", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2022:6407", "cpe": "cpe:/a:redhat:integration:1", "impact": "low", "package": "jetty", "product_name": "RHAF Camel-K 1.8", "release_date": "2022-09-09T00:00:00Z"}], "bugzilla": {"description": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS", "id": "1934116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values."], "name": "CVE-2020-27223", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "jetty", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Affected", "package_name": "rh-eclipse-jetty", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "jetty-eclipse", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "eclipse:rhel8/jetty", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "hadoop-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-metering-hive", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-metering-presto", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "jetty", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "jetty", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2021-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27223\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27223\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"], "statement": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "threat_severity": "Moderate", "upstream_fix": "jetty-9.4.37.v20210219 jetty-10.0.1 jetty-11.0.1"}