Security: jetty/jetty.project
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
JaspiAuthenticator broken access controlGHSA-r7p8-xq5m-436c published
Apr 11, 2026 by olamyHigh -
HTTP Request Smuggling via Chunked Extension Quoted-String ParsingGHSA-355h-qmc2-wpwf published
Apr 14, 2026 by olamyHigh -
Gzip request memory leakGHSA-xxh7-fcf3-rj7f published
Mar 5, 2026 by lukpuehHigh -
Different parsing of invalid URIsGHSA-wjpw-4j6x-6rwh published
Mar 5, 2026 by olamyLow -
MadeYouReset HTTP/2 vulnerabilityGHSA-mmxm-8w33-wc4h published
Aug 20, 2025 by sbordetHigh -
HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exitGHSA-889j-63jv-qhr8 published
May 8, 2025 by joakimeHigh -
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate requestGHSA-q4rv-gq96-w7c5 published
May 8, 2025 by joakimeHigh -
URI parsing of invalid authorityGHSA-qh8g-58pp-2wxh published
Oct 14, 2024 by joakimeLow -
ThreadLimitHandler.getRemote() vulnerable to remote DoS attacksGHSA-g8m5-722r-8whq published
Oct 14, 2024 by joakimeModerate -
Connection leaking on idle timeout when TCP congestedGHSA-rggv-cv7r-mw98 published
Feb 26, 2024 by joakimeHigh