CGA-226j-948r-4qgj

Published

Last updated

https://images.chainguard.dev/security/CGA-226j-948r-4qgj

Package

tez

RepositoryWolfi

Latest Update

Under investigation

Aliases

Severity

Unknown

Summary

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

Description

Impact

Remote DOS attack can cause out of memory

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

Affected Versions

Jetty 12.0.0-12.0.8 (Supported)
Jetty 11.0.0-11.0.23 (EOL)
Jetty 10.0.0-10.0.23 (EOL)
Jetty 9.3.12-9.4.55 (EOL)

Patched Versions

Jetty 12.0.9
Jetty 11.0.24
Jetty 10.0.24
Jetty 9.4.56

Workarounds

Do not use ThreadLimitHandler.
Consider use of QoSHandler instead to artificially limit resource utilization.

References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-226j-948r-4qgj

Severity

Summary

Description

Impact

Description

Affected Versions

Patched Versions

Workarounds

References

References

Updates

Products

Why Chainguard

Customers

Company

Resources