CVE-2022-2047: Improper Input Validation

July 7, 2022 (updated October 25, 2022)

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

References

github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
nvd.nist.gov/vuln/detail/CVE-2022-2047

Detect and mitigate CVE-2022-2047 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →