Описание
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jetty9 | not-affected | package |
Примечания
https://github.com/eclipse/jetty.project/issues/8161
https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
Связанные уязвимости
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Jetty SslConnection does not release pooled ByteBuffers in case of errors
Уязвимость компонента SslConnections контейнера сервлетов Eclipse Jetty, позволяющая нарушителю вызвать отказ в обслуживании