GHSA-mq4x-8whh-jx73

Suggest an improvement
Source
https://github.com/advisories/GHSA-mq4x-8whh-jx73
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mq4x-8whh-jx73/GHSA-mq4x-8whh-jx73.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mq4x-8whh-jx73
Aliases
  • CVE-2006-2759
Published
2022-05-01T07:02:10Z
Modified
2023-11-08T03:56:46.786542Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Improper Input Validation in Mortbay Jetty
Details

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name
org.mortbay.jetty:jetty
View open source insights on deps.dev
Purl
pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.0

Affected versions

4.*

4.1-rc1
4.1-rc6
4.2.2
4.2.3
4.2.9
4.2.10
4.2.12

6.*

6.0.0Beta1
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0beta4
6.0.0beta5
6.0.0beta6
6.0.0beta7
6.0.0beta8
6.0.0beta9
6.0.0beta10
6.0.0beta11
6.0.0beta12
6.0.0beta14
6.0.0beta15
6.0.0beta16
6.0.0beta17
6.0.0rc0
6.0.0rc1
6.0.0rc2
6.0.0rc3
6.0.0rc4