CVE-2022-2191: Improper Resource Shutdown or Release

July 7, 2022 (updated September 23, 2022)

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

References

github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
nvd.nist.gov/vuln/detail/CVE-2022-2191

Detect and mitigate CVE-2022-2191 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →