CVE-2024-8184

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-8184
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8184.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-8184
Aliases
Downstream
Related
Published
2024-10-14T16:15:04.380Z
Modified
2026-04-10T05:19:47.988211Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

References

Affected packages

Git / github.com/eclipse/jetty.project

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/jetty.project
Events
Introduced
8b35fdc5a5d9870bab05bb11ac9f4a3f2977a153
Fixed
ec6782ff5ead824dabdcf47fa98f90a4aedff401
Introduced
b9645a17373e4e9b7f30b6c0a07defcea2cb660b
Fixed
d5384207795da96fad32db8ea8d26b69955bcc03
Introduced
432f896d7a4555fcc81f38108757ea0aca8788e6
Fixed
5dfc59a691b748796f922208956bd1f2794bcd16
Introduced
28100e8da711e44c0722ed10bd413ae862497539
Fixed
efe8023327e67287f9bfd006700e6a71d45b5dd6
Database specific 
{
    "versions": [
        {
            "introduced": "9.3.12"
        },
        {
            "fixed": "9.4.56"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.24"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.0.24"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.0.9"
        }
    ]
}

Affected versions

jetty-12.*
jetty-12.0.0x
jetty-12.0.5
jetty-12.0.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8184.json"