Jetty Security

Reporting Security Issues

There are a couple of avenues for reporting security issues to the Jetty project. If the issue is directly related to Jetty itself, then reporting to the Jetty developers is encouraged. The most direct method is to mail security@jetty.org or security@webtide.com. We are flexible in how we work with reporters of security issues but reserve the right to act in the interests of the Jetty project in all circumstances.

If the issue is related to Eclipse or its Jetty integration, we would like to encourage you to reach out to security@eclipse.org.

If the issue is related to integrations with Jetty, we are happy to work with you to identify the proper entity, and either of the approaches above is okay.

We prefer that security issues be reported directly to Jetty developers via email instead of GitHub issues since it has no facility to tag issues as private. We will actively delete issues that are opened in this way.

For more information on how we handle security issues, please refer to our Security Policy.

Jetty Security Reports

Date ID Exploit Severity Affects Fixed Version

4/18/2023

CVE-2023-26049

Low

Low

⇐9.4.50, ⇐10.013, ⇐11.0.13, ⇐12.0.0.alpha3

9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0

4/18/2023

CVE-2023-26048

Med

Med

⇐9.4.50, ⇐10.0.13, ⇐11.0.13

9.4.51, 10.0.14, 11.0.14

7/5/2022

CVE-2022-2191

Med

High

⇐ 10.0.9, ⇐ 11.0.9

10.0.10, 11.0.10

7/5/2022

CVE-2022-2047

Low

Low

⇐ 9.4.46, ⇐ 10.0.9, ⇐ 11.0.9

9.4.47, 10.0.10, 11.0.10

7/5/2022

CVE-2022-2048

Med

High

⇐ 9.4.46, ⇐ 10.0.9, ⇐ 11.0.9

9.4.47, 10.0.10, 11.0.10

7/15/2021

CVE-2021-34429

Med

Med

9.4.37 - 9.4.42, 10.0.1 - 10.0.5, 11.0.1 - 11.0.5

9.4.43, 10.0.6, 11.0.6

6/22/2021

CVE-2021-34428

Low

Low

⇐ 9.4.40, ⇐ 10.0.2, ⇐ 11.0.2

9.4.41, 10.0.3, 11.0.3

6/8/2021

CVE-2021-28169

Med

Med

⇐ 9.4.40, ⇐ 10.0.2, ⇐ 11.0.2

9.4.41, 10.0.3, 11.0.3

4/1/2021

CVE-2021-28165

Med

High

7.2.2 - 9.4.38, 10.0.0.alpha0 - 10.0.1, 11.0.0.alpha0 - 11.0.1

9.4.39, 10.0.2, 11.0.2

4/1/2021

CVE-2021-28164

Med

Med

9.4.37, 9.4.38

9.4.39

4/1/2021

CVE-2021-28163

Med

Med

9.4.32 - 9.4.38, 10.0.0.beta2 - 10.0.1, 11.0.0.beta2 - 11.0.1

9.4.39, 10.0.2, 11.0.2

2/26/2021

CVE-2020-27223

Med

Med

9.4.6.v20170531 - 9.4.36.v20210114, 10.0.0, 11.0.0

9.4.37, 10.0.1, 11.0.1

11/17/2020

CVE-2020-27218

Med

Med

9.4.0.RC0 - 9.4.34, 10.0.0.alpha0 - 10.0.0.beta2, 11.0.0.alpha0 - 11.0.0.beta2

9.4.35, 10.0.0.beta3, 11.0.0.beta3

10/19/2020

CVE-2020-27216

Med

High

< = 9.4.32

9.3.29, 9.4.33

7/9/2020

CVE-2019-17638

Med

High

>= 9.4.27, < = 9.4.29

9.4.30

11/25/2019

CVE-2019-17632

Med

Med

>= 9.4.21, < = 9.4.23

9.4.24

8/13/2019

CVE-2019-9518

Med

Med

< = 9.4.20

9.4.21

8/13/2019

CVE-2019-9516

Med

Med

< = 9.4.20

9.4.21

8/13/2019

CVE-2019-9515

Med

Med

< = 9.4.20

9.4.21

8/13/2019

CVE-2019-9514

Med

Med

< = 9.4.20

9.4.21

8/13/2019

CVE-2019-9512

Low

Low

< = 9.4.20

9.4.21

8/13/2019

CVE-2019-9511

Low

Low

< = 9.4.20

9.4.21

4/11/2019

CVE-2019-10247

Med

Med

< = 9.4.16

9.2.28, 9.3.27, 9.4.17

4/11/2019

CVE-2019-10246

High

High

< = 9.4.16

9.2.28, 9.3.27, 9.4.17

4/11/2019

CVE-2019-10241

High

High

< = 9.4.15

9.2.27, 9.3.26, 9.4.16

6/25/2018

CVE-2018-12538

High

High

>= 9.4.0, < = 9.4.8

9.4.9

6/25/2018

CVE-2018-12536

High

See CWE-202

< = 9.4.10

9.2.25, 9.3.24, 9.4.11

6/25/2018

CVE-2017-7658

See CWE-444

See CWE-444

< = 9.4.10

9.2.25, 9.3.24, 9.4.11

6/25/2018

CVE-2017-7657

See CWE-444

See CWE-444

< = 9.4.10

9.2.25, 9.3.24, 9.4.11

6/25/2018

CVE-2017-7656

See CWE-444

See CWE-444

< = 9.4.10

9.2.25, 9.3.24, 9.4.11

5/31/2016

CVE-2016-4800

high

high

>= 9.3.0, < = 9.3.8

9.3.9

2/24/2015

CVE-2015-2080

high

high

>=9.2.3 <9.2.9

9.2.9

12/29/2011

CVE-2011-4461

high

medium

All versions

7.6.0.RCO

11/5/2009

CVE-2009-3555

medium

high

JVM 1.6u19

7.01, 6.1.22

12/22/2007

CVE-2007-6672

high

medium

6.1.rc0-6.1.6

6.1.7

11/5/2007

CVE-2007-5614

low

low

<6.1.6

6.1.6rc1

11/5/2007

CVE-2007-5613

low

low

6.1.6

6.1.6rc0

11/3/2007

CVE-2007-5615

medium

medium

<6.1.6

6.1.6rc0

11/22/2006

CVE-2006-6969

low

high

<6.1.0, <6.0.2, <5.1.12, <4.2.27

6.1.0pre3, 6.0.2, 5.1.12, 4.2.27

6/1/2006

CVE-2006-2759

medium

medium

<6.0.+, <6.0.0Beta17

6.0.0Beta17

11/18/2005

CVE-2006-2758

medium

medium

<5.1.6

5.1.6, 6.0.0Beta4