CVE-2021-28165

Uncontrolled Resource Consumption in maven/org.eclipse.jetty/jetty-client

Identifiers

CVE-2021-28165, GHSA-26vr-8j45-3r4w

Package Slug

maven/org.eclipse.jetty/jetty-client

Vulnerability

Uncontrolled Resource Consumption

Description

In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.

Affected Versions

All versions starting from 7.2.2 before 9.4.39, all versions starting from 10.0.0 before 10.0.2, all versions starting from 11.0.0 before 11.0.2

Solution

Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.

Last Modified

2021-04-10
