CVE-2020-27218

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-27218
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27218.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27218
Aliases
Downstream
Related
Published
2020-11-28T01:15:11.587Z
Modified
2026-03-15T22:36:10.226711Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

References

Affected packages

Git / github.com/apache/kafka

Affected ranges

Type
GIT
Repo
https://github.com/apache/kafka
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
448719dc99a19793d55aaaa8b64282ed3fb3197d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/apache/spark
Events
Introduced
3fdfce3120f307147244e5eaf46d61419a723d50
Last affected
d1f8a503a26bcfb4e466d9accc5fa241a7933667
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
163fbd2528a18bf062bddf7b7753631a12a369b5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
65ac1e75dc468f53fc778cd2ce1ba3f21067aab8
Database specific 
{
    "versions": [
        {
            "introduced": "3.0"
        },
        {
            "last_affected": "3.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/eclipse/jetty.project
Events
Introduced
bf9d17540c7ae4c91be30c045a9485aa2030d3e5
Fixed
bdc54f03a5e0a7e280fab27f55c3c75ee8da89fb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8cbfd51e80586a614cbc291078584d9f4aab3deb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
57e5cd8a4d1e5fe0eb77443139253a6878f9c3e7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6fdb7a9bb5304af85e2afee89bd2b2eebda4a911
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3ddccfe4bc98be58e5232e6ee426f3cbe714139b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
338ada6076ce454afeb10a88bc63e51dfb8c6dad
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dddc4a58e4a6dc52e52a9738f0be690edef788fd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9b32bd336e93358a7afd5f3927018d41e4badff2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ce21ec22be920f61d3c840718d661c0f9d1e174
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
28100e8da711e44c0722ed10bd413ae862497539
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8372b65bd15404de1444d68902c0455a3a69b64
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b9645a17373e4e9b7f30b6c0a07defcea2cb660b
Database specific 
{
    "versions": [
        {
            "introduced": "9.4.0"
        },
        {
            "fixed": "9.4.35"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-alpha0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-alpha0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Affected versions

v3.*
v3.0.0
v3.0.0-rc3
v3.0.1
v3.0.1-rc1
v3.0.1-rc3
v3.0.2
v3.0.2-rc1
v3.0.3
v3.0.3-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27218.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "21.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.0"
            },
            {
                "last_affected": "8.2.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.1.2.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "20.4.3.050.1904"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.5"
            }
        ]
    }
]