GHSA-7vx9-xjhr-rw6h

Source

https://github.com/advisories/GHSA-7vx9-xjhr-rw6h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-7vx9-xjhr-rw6h/GHSA-7vx9-xjhr-rw6h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7vx9-xjhr-rw6h

Aliases

CVE-2019-10241

Published

2019-04-23T16:06:02Z

Modified

2024-02-16T08:16:44.502362Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Eclipse Jetty

Details

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Database specific

{
    "nvd_published_at": "2019-04-22T20:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2019-04-23T16:02:04Z"
}

References

Affected packages

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.2.27.v20190403

Affected versions

7.*

7.0.0.M0

7.0.0.M1

7.0.0.M2

7.0.0.M3

7.0.0.M4

7.0.0.RC0

7.0.0.RC1

7.0.0.RC2

7.0.0.RC3

7.0.0.RC4

7.0.0.RC5

7.0.0.RC6

7.0.0.v20091005

7.0.1.v20091125

7.0.2.RC0

7.0.2.v20100331

7.1.0.RC0

7.1.0.RC1

7.1.0.v20100505

7.1.1.v20100517

7.1.2.v20100523

7.1.3.v20100526

7.1.4.v20100610

7.1.5.v20100705

7.1.6.v20100715

7.2.0.RC0

7.2.0.v20101020

7.2.1.v20101111

7.2.2.v20101205

7.3.0.v20110203

7.3.1.v20110307

7.4.0.RC0

7.4.0.v20110414

7.4.1.v20110513

7.4.2.v20110526

7.4.3.v20110701

7.4.4.v20110707

7.4.5.v20110725

7.5.0.RC0

7.5.0.RC1

7.5.0.RC2

7.5.0.v20110901

7.5.1.v20110908

7.5.2.v20111006

7.5.3.v20111011

7.5.4.v20111024

7.6.0.RC0

7.6.0.RC1

7.6.0.RC2

7.6.0.RC3

7.6.0.RC4

7.6.0.RC5

7.6.0.v20120127

7.6.1.v20120215

7.6.2.v20120308

7.6.3.v20120416

7.6.4.v20120524

7.6.5.v20120716

7.6.6.v20120903

7.6.7.v20120910

7.6.8.v20121106

7.6.9.v20130131

7.6.10.v20130312

7.6.11.v20130520

7.6.12.v20130726

7.6.13.v20130916

7.6.14.v20131031

7.6.15.v20140411

7.6.16.v20140903

7.6.17.v20150415

7.6.18.v20150929

7.6.19.v20160209

7.6.20.v20160902

7.6.21.v20160908

8.*

8.0.0.M0

8.0.0.M1

8.0.0.M2

8.0.0.M3

8.0.0.RC0

8.0.0.v20110901

8.0.1.v20110908

8.0.2.v20111006

8.0.3.v20111011

8.0.4.v20111024

8.1.0.RC0

8.1.0.RC1

8.1.0.RC2

8.1.0.RC4

8.1.0.RC5

8.1.0.v20120127

8.1.1.v20120215

8.1.2.v20120308

8.1.3.v20120416

8.1.4.v20120524

8.1.5.v20120716

8.1.6.v20120903

8.1.7.v20120910

8.1.8.v20121106

8.1.9.v20130131

8.1.10.v20130312

8.1.11.v20130520

8.1.12.v20130726

8.1.13.v20130916

8.1.14.v20131031

8.1.15.v20140411

8.1.16.v20140903

8.1.17.v20150415

8.1.18.v20150929

8.1.19.v20160209

8.1.20.v20160902

8.1.21.v20160908

8.1.22.v20160922

8.2.0.v20160908

9.*

9.0.0.M0

9.0.0.M1

9.0.0.M2

9.0.0.M3

9.0.0.M4

9.0.0.M5

9.0.0.RC0

9.0.0.RC1

9.0.0.RC2

9.0.0.v20130308

9.0.1.v20130408

9.0.2.v20130417

9.0.3.v20130506

9.0.4.v20130625

9.0.5.v20130815

9.0.6.v20130930

9.0.7.v20131107

9.1.0.M0

9.1.0.RC0

9.1.0.RC1

9.1.0.RC2

9.1.0.v20131115

9.1.1.v20140108

9.1.2.v20140210

9.1.3.v20140225

9.1.4.v20140401

9.1.5.v20140505

9.1.6.v20160112

9.2.0.M0

9.2.0.M1

9.2.0.RC0

9.2.0.v20140526

9.2.1.v20140609

9.2.2.v20140723

9.2.3.v20140905

9.2.4.v20141103

9.2.5.v20141112

9.2.6.v20141205

9.2.7.v20150116

9.2.8.v20150217

9.2.9.v20150224

9.2.10.v20150310

9.2.11.M0

9.2.11.v20150529

9.2.12.M0

9.2.12.v20150709

9.2.13.v20150730

9.2.14.v20151106

9.2.15.v20160210

9.2.16.v20160414

9.2.17.v20160517

9.2.18.v20160721

9.2.19.v20160908

9.2.20.v20161216

9.2.21.v20170120

9.2.22.v20170606

9.2.23.v20171218

9.2.24.v20180105

9.2.25.v20180606

9.2.26.v20180806

Database specific

{
    "last_known_affected_version_range": "<= 9.2.26.v20180806"
}

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.3.0

Fixed

9.3.26.v20190403

Affected versions

9.*

9.3.0.v20150612

9.3.1.v20150714

9.3.2.v20150730

9.3.3.v20150827

9.3.4.RC0

9.3.4.RC1

9.3.4.v20151007

9.3.5.v20151012

9.3.6.v20151106

9.3.7.RC0

9.3.7.RC1

9.3.7.v20160115

9.3.8.RC0

9.3.8.v20160314

9.3.9.M0

9.3.9.M1

9.3.9.v20160517

9.3.10.M0

9.3.10.v20160621

9.3.11.M0

9.3.11.v20160721

9.3.12.v20160915

9.3.13.M0

9.3.13.v20161014

9.3.14.v20161028

9.3.15.v20161220

9.3.16.v20170120

9.3.17.RC0

9.3.17.v20170317

9.3.18.v20170406

9.3.19.v20170502

9.3.20.v20170531

9.3.21.M0

9.3.21.RC0

9.3.21.v20170918

9.3.22.v20171030

9.3.23.v20180228

9.3.24.v20180605

9.3.25.v20180904

Database specific

{
    "last_known_affected_version_range": "<= 9.3.25.v20180904"
}

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.4.0

Fixed

9.4.16.v20190411

Affected versions

9.*

9.4.0.v20161208

9.4.0.v20180619

9.4.1.v20170120

9.4.1.v20180619

9.4.2.v20170220

9.4.2.v20180619

9.4.3.v20170317

9.4.3.v20180619

9.4.4.v20170414

9.4.4.v20180619

9.4.5.v20170502

9.4.5.v20180619

9.4.6.v20170531

9.4.6.v20180619

9.4.7.RC0

9.4.7.v20170914

9.4.7.v20180619

9.4.8.v20171121

9.4.8.v20180619

9.4.9.v20180320

9.4.10.RC0

9.4.10.RC1

9.4.10.v20180503

9.4.11.v20180605

9.4.12.RC0

9.4.12.RC1

9.4.12.RC2

9.4.12.v20180830

9.4.13.v20181111

9.4.14.v20181114

9.4.15.v20190215

Database specific

{
    "last_known_affected_version_range": "<= 9.4.15.v20190215"
}