CVE-2021-28163
- Source
- https://cve.org/CVERecord?id=CVE-2021-28163
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28163.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-28163
- Aliases
- Downstream
- Related
- Published
- 2021-04-01T15:15:14.080Z
- Modified
- 2026-04-10T04:31:40.257924Z
- Severity
-
- 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
- References
-
- https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/
- https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E
- https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/
- https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E
- https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://security.netapp.com/advisory/ntap-20210611-0006/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
Affected packages
Git / github.com/apache/lucene-solr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/lucene-solr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "34" }, { "introduced": "0" }, { "last_affected": "8.8.1" }, { "introduced": "0" }, { "last_affected": "7.0" } ] }
- Type
- GIT
- Repo
- https://github.com/jetty/jetty.project
- Events
-
IntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "9.4.32" }, { "fixed": "9.4.39" }, { "introduced": "0" }, { "last_affected": "10.0.0-beta2" }, { "introduced": "0" }, { "last_affected": "10.0.1" }, { "introduced": "0" }, { "last_affected": "11.0.0-NA" }, { "introduced": "0" }, { "last_affected": "11.0.0-beta2" }, { "introduced": "0" }, { "last_affected": "11.0.0-beta3" }, { "introduced": "0" }, { "last_affected": "11.0.1" } ] }
Affected versions
Other
grafts/lucene-oldest
grafts/lucene-solr-copy
grafts/lucene-solr-oldest-merged
history/branches/lucene-solr/lucene-6997
history/branches/lucene-solr/lucene3453
jetty-10.*
jetty-10.0.0.beta1
jetty-10.0.0.beta2
jetty-10.0.1
jetty-11.*
jetty-11.0.0
jetty-11.0.0-alpha0
jetty-11.0.0.beta1
jetty-11.0.0.beta2
jetty-11.0.0.beta3
jetty-11.0.1
jetty-8.*
jetty-8.0.0.RC0
jetty-8.1.0.RC0
jetty-9.*
jetty-9.1.0.M0
jetty-9.1.0.RC0
jetty-9.1.0.RC1
jetty-9.1.0.RC2
jetty-9.1.0.v20131115
jetty-9.1.1.v20140108
jetty-9.1.2.v20140210
jetty-9.1.3.v20140225
jetty-9.1.4.v20140401
jetty-9.2.0.M0
jetty-9.2.0.M1
jetty-9.2.0.RC0
jetty-9.2.0.v20140523
jetty-9.2.0.v20140526
jetty-9.2.1.v20140609
jetty-9.4.32.v20200930
jetty-9.4.36.v20210114
jetty-9.4.37.v20210219
releases/lucene-solr/7.*
releases/lucene-solr/7.0.0
releases/lucene-solr/8.*
releases/lucene-solr/8.8.0
releases/lucene-solr/8.8.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28163.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.1"
}
]
},
{
"events": [
{
"introduced": "11.0.0"
},
{
"last_affected": "11.70.1"
}
]
},
{
"events": [
{
"introduced": "9.6"
}
]
},
{
"events": [
{
"introduced": "9.6"
}
]
},
{
"events": [
{
"introduced": "9.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2.2"
}
]
},
{
"events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.2.4.0"
}
]
},
{
"events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.2.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.9"
}
]
}
]