CVE-2024-13009

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-13009

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13009.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-13009

Aliases

GHSA-q4rv-gq96-w7c5

Downstream

DEBIAN-CVE-2024-13009

DLA-4106-1

DSA-5894-1

MINI-v6h6-whrm-g559

RHSA-2025:15643

UBUNTU-CVE-2024-13009

Related

Published

2025-05-08T18:15:41Z

Modified

2025-10-21T02:35:50Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

References

Affected packages

Git / github.com/eclipse/jetty.project

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/jetty.project
Events: Introduced

bf9d17540c7ae4c91be30c045a9485aa2030d3e5

Fixed

df524e6b29271c2e09ba9aea83c18dc9db464a31