Vulnerability-Lookup

CVE-2021-34429 (GCVE-0-2021-34429)

Vulnerability from cvelistv5 – Published: 2021-07-15 17:00 – Updated: 2024-08-04 00:12

Summary

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Assigner

eclipse

References

38 references

URL	Tags
https://github.com/eclipse/jetty.project/security…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r7dd079fa0ac…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r90e7b4c42a9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r763840320a8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2a3ea27cca2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8e6c116628c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r029c0c6833c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r46f748c1dc9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc26807be687…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb33d65c3e56…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9e6158d72ef…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3aefe613abc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6e6f50c1ce1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r46900f74dbb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r679d96f981d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r02f940c27e9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9d245c6c884…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r756443e9d50…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re5e9bb535db…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4727d282b5c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re01890eef49…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re3de01414cc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r74fdc446df5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5678d994d4d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2e32390cb7a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rcb157f55b9a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r44ea39ca811…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0626f279ebf…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r48a93f2bc02…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rcea249eb7a0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r833a4c8bdbb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r721ab6a5fa8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re850203ef87…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3c55b0baa4d…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021081…	x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
The Eclipse Foundation	Eclipse Jetty	Affected: 9.4.37 , < unspecified (custom) Affected: unspecified , ≤ 9.4.42 (custom) Affected: 10.0.1 , < unspecified (custom) Affected: unspecified , ≤ 10.0.5 (custom) Affected: 11.0.1 , < unspecified (custom) Affected: unspecified , ≤ 11.0.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:12:50.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
          },
          {
            "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.37",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.42",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "10.0.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "11.0.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-551",
              "description": "CWE-551",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:29:06.000Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
        },
        {
          "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2021-34429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.37"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.42"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "10.0.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "10.0.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "11.0.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "11.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-551"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
            },
            {
              "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210819-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2021-34429",
    "datePublished": "2021-07-15T17:00:10.000Z",
    "dateReserved": "2021-06-09T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:12:50.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-34429",
      "date": "2026-05-20",
      "epss": "0.93778",
      "percentile": "0.99861"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.4.37\", \"versionEndExcluding\": \"9.4.43\", \"matchCriteriaId\": \"BBBFAC86-5AEA-467D-93ED-FD4DAB3469A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.1\", \"versionEndExcluding\": \"10.0.6\", \"matchCriteriaId\": \"9BE0C2EA-CCA1-4ADF-99AC-B34D6713F0C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.1\", \"versionEndExcluding\": \"11.0.6\", \"matchCriteriaId\": \"3DBE2C80-1D28-4BCA-9969-C6DB35E64BEC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndIncluding\": \"11.70.1\", \"matchCriteriaId\": \"73F81EC3-4AB0-4CD7-B845-267C5974DE98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\", \"matchCriteriaId\": \"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"214712B6-59AF-4B5E-84BF-AF3C74A390EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3C19813-E823-456A-B1CE-EC0684CE1953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"DC01D8F3-291A-44E5-99C1-6771F6656E0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97994257-C9A4-4491-B362-E8B25B7187AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6B6FE82-7BFA-481D-99D6-789B146CA18B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAEB09CA-9352-43CD-AF66-92BE416E039C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AB059F2-FEC4-4180-8A90-39965495055E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A276784-877B-4A29-A8F1-70518A438A9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0.0\", \"versionEndIncluding\": \"8.5.0.2\", \"matchCriteriaId\": \"590ADE5F-0D0F-4576-8BA6-828758823442\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55F091C7-0869-4FD6-AC73-DA697D990304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D134C60-F9E2-46C2-8466-DB90AD98439E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*\", \"versionEndExcluding\": \"22.1.1\", \"matchCriteriaId\": \"105BF985-2403-455E-BAA1-509245B54A1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BAE5686-8E11-4EF1-BC7E-5C565F2440C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.1.0.0.6.4\", \"matchCriteriaId\": \"847E8F6A-6115-4CCB-B16B-5DA8427958C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.\"}, {\"lang\": \"es\", \"value\": \"Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser dise\\u00f1ados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variaci\\u00f3n de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5\"}]",
      "id": "CVE-2021-34429",
      "lastModified": "2024-11-21T06:10:23.447",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-07-15T17:15:08.637",
      "references": "[{\"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210819-0006/\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210819-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "emo@eclipse.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-551\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-34429\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2021-07-15T17:15:08.637\",\"lastModified\":\"2024-11-21T06:10:23.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.\"},{\"lang\":\"es\",\"value\":\"Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser dise\u00f1ados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variaci\u00f3n de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-551\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.37\",\"versionEndExcluding\":\"9.4.43\",\"matchCriteriaId\":\"BBBFAC86-5AEA-467D-93ED-FD4DAB3469A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.1\",\"versionEndExcluding\":\"10.0.6\",\"matchCriteriaId\":\"9BE0C2EA-CCA1-4ADF-99AC-B34D6713F0C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.1\",\"versionEndExcluding\":\"11.0.6\",\"matchCriteriaId\":\"3DBE2C80-1D28-4BCA-9969-C6DB35E64BEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.70.1\",\"matchCriteriaId\":\"73F81EC3-4AB0-4CD7-B845-267C5974DE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\",\"matchCriteriaId\":\"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"214712B6-59AF-4B5E-84BF-AF3C74A390EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"DC01D8F3-291A-44E5-99C1-6771F6656E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97994257-C9A4-4491-B362-E8B25B7187AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6B6FE82-7BFA-481D-99D6-789B146CA18B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAEB09CA-9352-43CD-AF66-92BE416E039C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB059F2-FEC4-4180-8A90-39965495055E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A276784-877B-4A29-A8F1-70518A438A9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.5.0.2\",\"matchCriteriaId\":\"590ADE5F-0D0F-4576-8BA6-828758823442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F091C7-0869-4FD6-AC73-DA697D990304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D134C60-F9E2-46C2-8466-DB90AD98439E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"105BF985-2403-455E-BAA1-509245B54A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BAE5686-8E11-4EF1-BC7E-5C565F2440C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.6.4\",\"matchCriteriaId\":\"847E8F6A-6115-4CCB-B16B-5DA8427958C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210819-0006/\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210819-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-523

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions antérieures à 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923
IBM	MaaS360	IBM MaaS360 Cloud Extender Agent versions antérieures à 2.106.500.011
IBM	MaaS360	IBM MaaS360 VPN Module versions antérieures à 2.106.500
IBM	QRadar SIEM	IBM QRadar SIEM versions antérieures à 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614
IBM	MaaS360	IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 2.106.500
IBM	QRadar SIEM	IBM QRadar SIEM versions antérieures à 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6592779	2022-06-06	vendor-advisory
Bulletin de sécurité IBM 6592807	2022-06-06	vendor-advisory
Bulletin de sécurité IBM 6592799	2022-06-06	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 2.106.500.011",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 VPN Module versions ant\u00e9rieures \u00e0 2.106.500",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 2.106.500",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-35516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2022-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-34429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2021-35515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-523",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2022-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6592779",
      "url": "https://www.ibm.com/support/pages/node/6592779"
    },
    {
      "published_at": "2022-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6592807",
      "url": "https://www.ibm.com/support/pages/node/6592807"
    },
    {
      "published_at": "2022-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6592799",
      "url": "https://www.ibm.com/support/pages/node/6592799"
    }
  ]
}

CERTFR-2022-AVI-767

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3.x antérieures à 7.3.3 Fix Pack 12
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 Update Pack 2
IBM	Spectrum	IBM Spectrum Discover versions antérieures à 2.0.4.7
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 Fix Pack 6

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6614909 du 23 août 2022	None	vendor-advisory
Bulletin de sécurité IBM 6614725 du 23 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2021-20180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2020-25658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
    },
    {
      "name": "CVE-2020-15084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-24773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2020-7720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2020-14330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
    },
    {
      "name": "CVE-2021-42581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-43859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2021-41496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-46462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2021-23386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
    },
    {
      "name": "CVE-2022-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
    },
    {
      "name": "CVE-2019-18874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-1214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
    },
    {
      "name": "CVE-2022-24772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2021-34429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
    },
    {
      "name": "CVE-2022-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-24771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
    },
    {
      "name": "CVE-2021-44907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
    },
    {
      "name": "CVE-2017-1000048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
    },
    {
      "name": "CVE-2021-46461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2020-13757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
    },
    {
      "name": "CVE-2020-7598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
    },
    {
      "name": "CVE-2021-3533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
    },
    {
      "name": "CVE-2021-46463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
    },
    {
      "name": "CVE-2017-16137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
    },
    {
      "name": "CVE-2022-26488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    },
    {
      "name": "CVE-2020-28463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-767",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614909"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614725"
    }
  ]
}

CERTFR-2022-AVI-523

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions antérieures à 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923
IBM	MaaS360	IBM MaaS360 Cloud Extender Agent versions antérieures à 2.106.500.011
IBM	MaaS360	IBM MaaS360 VPN Module versions antérieures à 2.106.500
IBM	QRadar SIEM	IBM QRadar SIEM versions antérieures à 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614
IBM	MaaS360	IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 2.106.500
IBM	QRadar SIEM	IBM QRadar SIEM versions antérieures à 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6592779	2022-06-06	vendor-advisory
Bulletin de sécurité IBM 6592807	2022-06-06	vendor-advisory
Bulletin de sécurité IBM 6592799	2022-06-06	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 2.106.500.011",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 VPN Module versions ant\u00e9rieures \u00e0 2.106.500",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 2.106.500",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-35516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2022-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-34429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2021-35515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-523",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2022-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6592779",
      "url": "https://www.ibm.com/support/pages/node/6592779"
    },
    {
      "published_at": "2022-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6592807",
      "url": "https://www.ibm.com/support/pages/node/6592807"
    },
    {
      "published_at": "2022-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6592799",
      "url": "https://www.ibm.com/support/pages/node/6592799"
    }
  ]
}

CERTFR-2022-AVI-767

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3.x antérieures à 7.3.3 Fix Pack 12
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 Update Pack 2
IBM	Spectrum	IBM Spectrum Discover versions antérieures à 2.0.4.7
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 Fix Pack 6

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6614909 du 23 août 2022	None	vendor-advisory
Bulletin de sécurité IBM 6614725 du 23 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2021-20180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2020-25658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
    },
    {
      "name": "CVE-2020-15084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2021-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-24773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2020-7720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2020-14330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
    },
    {
      "name": "CVE-2021-42581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-43859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2021-41496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-46462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2021-23386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
    },
    {
      "name": "CVE-2022-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
    },
    {
      "name": "CVE-2019-18874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-1214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
    },
    {
      "name": "CVE-2022-24772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2021-34429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
    },
    {
      "name": "CVE-2022-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
    },
    {
      "name": "CVE-2021-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-24771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
    },
    {
      "name": "CVE-2021-44907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
    },
    {
      "name": "CVE-2017-1000048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
    },
    {
      "name": "CVE-2021-46461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2020-13757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
    },
    {
      "name": "CVE-2020-7598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
    },
    {
      "name": "CVE-2021-3533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
    },
    {
      "name": "CVE-2021-46463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
    },
    {
      "name": "CVE-2017-16137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
    },
    {
      "name": "CVE-2022-26488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    },
    {
      "name": "CVE-2020-28463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-767",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614909"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6614725"
    }
  ]
}

BDU:2022-01815

Vulnerability from fstec - Published: 15.07.2021

Title

Уязвимость контейнера сервлетов Jetty, связанная с неправильной авторизацией, позволяющая нарушителю получить доступ к конфиденциальным данным

Description

Уязвимость контейнера сервлетов Jetty связана с неправильной авторизацией. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vendor

Сообщество свободного программного обеспечения, Eclipse Foundation, IBM Corp., АО "НППКТ"

Software Name

Debian GNU/Linux, Jetty, IBM QRadar SIEM, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), от 10.0.1 до 10.0.6 (Jetty), от 11.0.1 до 11.0.6 (Jetty), от 9.4.37 до 9.4.43 (Jetty), от 7.3 до 7.3.3 Fix Pack 12 (IBM QRadar SIEM), от 7.4 до 7.4.3 Fix Pack 6 (IBM QRadar SIEM), от 7.5 до 7.5.0 Update Pack 2 (IBM QRadar SIEM), до 2.5 (ОСОН ОСнова Оnyx)

Possible Mitigations

Для Jetty: использование рекомендаций производителя: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-34429 Для программных продуктов IBM Corp.: https://www.ibm.com/support/pages/node/6614725 Для ОСОН Основа: Обновление программного обеспечения jetty9 до версии 9.4.39+repack-3osnova1

Reference

https://github.com/eclipse/jetty.project/pull/6477 https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm https://nvd.nist.gov/vuln/detail/CVE-2021-34429 https://security-tracker.debian.org/tracker/CVE-2021-34429 https://www.ibm.com/support/pages/node/6614725 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/

CWE

CWE-863

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Eclipse Foundation, IBM Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), \u043e\u0442 10.0.1 \u0434\u043e 10.0.6 (Jetty), \u043e\u0442 11.0.1 \u0434\u043e 11.0.6 (Jetty), \u043e\u0442 9.4.37 \u0434\u043e 9.4.43 (Jetty), \u043e\u0442 7.3 \u0434\u043e 7.3.3 Fix Pack 12 (IBM QRadar SIEM), \u043e\u0442 7.4 \u0434\u043e 7.4.3 Fix Pack 6 (IBM QRadar SIEM), \u043e\u0442 7.5 \u0434\u043e 7.5.0 Update Pack 2 (IBM QRadar SIEM), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Jetty:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-34429\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6614725\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f jetty9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 9.4.39+repack-3osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.07.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01815",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-34429",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Jetty, IBM QRadar SIEM, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u043e\u0432 Jetty, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u043e\u0432 Jetty \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/eclipse/jetty.project/pull/6477\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-34429\nhttps://security-tracker.debian.org/tracker/CVE-2021-34429\nhttps://www.ibm.com/support/pages/node/6614725\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-863",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

FKIE_CVE-2021-34429

Vulnerability from fkie_nvd - Published: 2021-07-15 17:15 - Updated: 2024-11-21 06:10

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
emo@eclipse.org	https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm	Exploit, Third Party Advisory
emo@eclipse.org	https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E
emo@eclipse.org	https://security.netapp.com/advisory/ntap-20210819-0006/	Third Party Advisory
emo@eclipse.org	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
emo@eclipse.org	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
emo@eclipse.org	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20210819-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
eclipse	jetty	*
eclipse	jetty	*
eclipse	jetty	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	element_plug-in_for_vcenter_server	-
netapp	hci_management_node	-
netapp	snap_creator_framework	-
netapp	snapcenter_plug-in	-
netapp	solidfire	-
oracle	autovue_for_agile_product_lifecycle_management	21.0.2
oracle	communications_cloud_native_core_binding_support_function	1.10.0
oracle	communications_cloud_native_core_security_edge_protection_proxy	1.5.0
oracle	communications_cloud_native_core_service_communication_proxy	1.14.0
oracle	communications_cloud_native_core_unified_data_repository	1.14.0
oracle	communications_diameter_signaling_router	*
oracle	financial_services_crime_and_compliance_management_studio	8.0.8.2.0
oracle	financial_services_crime_and_compliance_management_studio	8.0.8.3.0
oracle	rest_data_services	*
oracle	retail_eftlink	20.0.1
oracle	stream_analytics	*
oracle	stream_analytics	19c

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBFAC86-5AEA-467D-93ED-FD4DAB3469A2",
              "versionEndExcluding": "9.4.43",
              "versionStartIncluding": "9.4.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE0C2EA-CCA1-4ADF-99AC-B34D6713F0C6",
              "versionEndExcluding": "10.0.6",
              "versionStartIncluding": "10.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DBE2C80-1D28-4BCA-9969-C6DB35E64BEC",
              "versionEndExcluding": "11.0.6",
              "versionStartIncluding": "11.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAEB09CA-9352-43CD-AF66-92BE416E039C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "105BF985-2403-455E-BAA1-509245B54A1D",
              "versionEndExcluding": "22.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E8F6A-6115-4CCB-B16B-5DA8427958C4",
              "versionEndExcluding": "19.1.0.0.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
    },
    {
      "lang": "es",
      "value": "Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser dise\u00f1ados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variaci\u00f3n de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5"
    }
  ],
  "id": "CVE-2021-34429",
  "lastModified": "2024-11-21T06:10:23.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "emo@eclipse.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-15T17:15:08.637",
  "references": [
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "emo@eclipse.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-551"
        }
      ],
      "source": "emo@eclipse.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VJV5-GP2W-65VM

Vulnerability from github – Published: 2021-07-19 15:15 – Updated: 2022-04-19 15:15

Summary

Encoded URIs can access WEB-INF directory in Eclipse Jetty

Details

Description

URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

Impact

The default compliance mode allows requests with URIs that contain a %u002e segment to access protected resources within the WEB-INF directory. For example, a request to /%u002e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. Similarly, an encoded null character can prevent correct normalization so that /.%00/WEB-INF/web.xml cal also retrieve the web.xml file.

Workarounds

Some Jetty rewrite rules can be deployed to rewrite any request containing encoded dot segments or null characters in the raw request URI, to a known not found resource:

<Call name="addRule">
  <Arg>
    <New class="org.eclipse.jetty.rewrite.handler.RewriteRegexRule">
      <Set name="regex">.*/(?:\.+/)+.*</Set>
      <Set name="replacement">/WEB-INF/Not-Found</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New class="org.eclipse.jetty.rewrite.handler.ValidUrlRule"/>
  </Arg>
</Call>

Analysis

Prior to 9.4.37, Jetty was protected from this style of attack by two lines of defense: + URIs were decoded first and then normalized for . and .. sequences. Whilst this is not according to the RFC, it did remove relative segments that were encoded or parameterized and made the resulting URI paths safe from any repeated normalization (often done by URI manipulation and file system mapping). + The FileResource class treated any difference between absolute path and canonical path of a resource as an alias, and thus the resource would not be served by default.

Prior to 9.4.37, the FileResource class was replaced by the PathResource class that did not treat normalization differences as aliases. Then release 9.4.37 updated the URI parsing to be compliant with the RFC, in that normalization is done before decoding. This allowed various encodings or adornments to relative path segments that would not be normalized by the pure RFC URI normalization, but were normalized by the file system, thus allowing protected resources to be accessed via an alias. Specifically by decoding URIs after normalization, it left them vulnerable to any subsequent normalization (potentially after checking security constraints) changing the URI singificantly. Such extra normalization is often down by URI manipulation code and file systems.

With Jetty releases 9.4.43, 10.0.6, 11.0.6, we have restored several lines of defense: + URIs are first decoded and then normalized which is not strictly according to the current RFC. Since the normalization is done after decoding, the URI paths produced are safe from further normalisation and the referenced resource cannot easily be so changed after passing security constraints. + During URI parsing checks are made for some specific segments/characters that are possible to be seen ambiguously by an application (e.g. encode dot segments, encoded separators, empty segments, parameterized dot segments and/or null characters). So even though Jetty code handles these URIs correctly, there is a risk that an application may not do so, thus such requests are rejected with a 400 Bad Request unless a specific compliance mode is set. + Once decoded and normalized by initial URI processing, Jetty will not decode or normalize a received URI again within its own resource handling. This avoids to possibility of double decode attacks. + The ContextHandler.getResource(String path) method always checks that the passed path is normalized, only accepting a non normal path if approved by an AliasChecker. This is the method that is directly used by Jetty resource serving. + The API methods like ServletContext.getResource(String path) will normalize the prior to calling ContextHandler.getResource(String path). This allows applications to use non normal paths. + The PathResource class now considers any difference in normal/canonical name between a request resource name and the found resource name to be an alias, which will only be served if approved by an explicit AliasChecker

In summary, the defense is a front line of detection of specific known URI alias attacks, with the last line defense of not allowing any aliasing of resources.

Many thanks to @cangqingzhe from @CloverSecLabs for reporting this issue.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-webapp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4.37"
            },
            {
              "fixed": "9.4.43"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-webapp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.1"
            },
            {
              "fixed": "10.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-webapp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.1"
            },
            {
              "fixed": "11.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-34429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-551",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-15T21:33:21Z",
    "nvd_published_at": "2021-07-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Description\nURIs can be crafted using some encoded characters to access the content of the `WEB-INF` directory and/or bypass some security constraints.\nThis is a variation of the vulnerability reported in [CVE-2021-28164](https://nvd.nist.gov/vuln/detail/CVE-2021-28164)/[GHSA-v7ff-8wcx-gmc5](https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5).\n\n### Impact\nThe default compliance mode allows requests with URIs that contain a %u002e segment to access protected resources within the WEB-INF directory. For example, a request to `/%u002e/WEB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.  Similarly, an encoded null character can prevent correct normalization so that /.%00/WEB-INF/web.xml cal also retrieve the web.xml file.\n\n### Workarounds\nSome Jetty [rewrite rules](https://www.eclipse.org/jetty/documentation/jetty-9/index.html#rewrite-handler) can be deployed to rewrite any request containing encoded dot segments or null characters in the raw request URI, to a known not found resource:\n```xml\n\u003cCall name=\"addRule\"\u003e\n  \u003cArg\u003e\n    \u003cNew class=\"org.eclipse.jetty.rewrite.handler.RewriteRegexRule\"\u003e\n      \u003cSet name=\"regex\"\u003e.*/(?:\\.+/)+.*\u003c/Set\u003e\n      \u003cSet name=\"replacement\"\u003e/WEB-INF/Not-Found\u003c/Set\u003e\n    \u003c/New\u003e\n  \u003c/Arg\u003e\n\u003c/Call\u003e\n\u003cCall name=\"addRule\"\u003e\n  \u003cArg\u003e\n    \u003cNew class=\"org.eclipse.jetty.rewrite.handler.ValidUrlRule\"/\u003e\n  \u003c/Arg\u003e\n\u003c/Call\u003e\n```\n\n### Analysis\nPrior to 9.4.37, Jetty was protected from this style of attack by two lines of defense:\n + URIs were decoded first and then normalized for `.` and `..` sequences. Whilst this is not according to the RFC, it did remove relative segments that were encoded or parameterized and made the resulting URI paths safe from any repeated normalization (often done by URI manipulation and file system mapping).\n + The `FileResource` class treated any difference between absolute path and canonical path of a resource as an alias, and thus the resource would not be served by default.\n\nPrior to 9.4.37, the `FileResource` class was replaced by the `PathResource` class that did not treat normalization differences as aliases.  Then release 9.4.37 updated the URI parsing to be compliant with the RFC, in that normalization is done before decoding.   This allowed various encodings or adornments to relative path segments that would not be normalized by the pure RFC URI normalization, but were normalized by the file system, thus allowing protected resources to be accessed via an alias.  Specifically by decoding URIs after normalization, it left them vulnerable to any subsequent normalization (potentially after checking security constraints) changing the URI singificantly.  Such extra normalization is often down by URI manipulation code and file systems.\n\nWith Jetty releases 9.4.43, 10.0.6, 11.0.6, we have restored several lines of defense:\n + URIs are first decoded and then normalized which is not strictly according to the current RFC.  Since the normalization is done after decoding, the URI paths produced are safe from further normalisation and the referenced resource cannot easily be so changed after passing security constraints.\n + During URI parsing checks are made for some specific segments/characters that are possible to be seen ambiguously by an application (e.g. encode dot segments, encoded separators, empty segments, parameterized dot segments and/or null characters). So even though Jetty code handles these URIs correctly, there is a risk that an application may not do so, thus such requests are rejected with a 400 Bad Request unless a specific compliance mode is set.\n + Once decoded and normalized by initial URI processing, Jetty will not decode or normalize a received URI again within its own resource handling. This avoids to possibility of double decode attacks.\n + The `ContextHandler.getResource(String path)` method always checks that the passed path is normalized, only accepting a non normal path if approved by an AliasChecker.  This is the method that is directly used by Jetty resource serving.\n + The API methods like `ServletContext.getResource(String path)` will normalize the  prior to calling `ContextHandler.getResource(String path)`. This allows applications to use non normal paths.\n + The `PathResource` class now considers any difference in normal/canonical name between a request resource name and the found resource name  to be an alias, which will only be served if approved by an explicit `AliasChecker`\n\nIn summary, the defense is a front line of detection of specific known URI alias attacks, with the last line defense of not allowing any aliasing of resources.\n\nMany thanks to @cangqingzhe from @CloverSecLabs for reporting this issue. ",
  "id": "GHSA-vjv5-gp2w-65vm",
  "modified": "2022-04-19T15:15:34Z",
  "published": "2021-07-19T15:15:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34429"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210819-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eclipse/jetty.project"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.43.v20210629"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Encoded URIs can access WEB-INF directory in Eclipse Jetty"
}

GSD-2021-34429

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-34429

Aliases

CVE-2021-34429

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-34429",
    "description": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",
    "id": "GSD-2021-34429",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-34429.html",
      "https://access.redhat.com/errata/RHSA-2022:0138",
      "https://access.redhat.com/errata/RHSA-2021:3700"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-34429"
      ],
      "details": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",
      "id": "GSD-2021-34429",
      "modified": "2023-12-13T01:23:14.166931Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eclipse.org",
        "ID": "CVE-2021-34429",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Eclipse Jetty",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "9.4.37"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "9.4.42"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "10.0.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "10.0.5"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "11.0.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "11.0.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Eclipse Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 5.3,
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-551"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm",
            "refsource": "CONFIRM",
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
          },
          {
            "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210819-0006/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[9.4.37,9.4.43),[10.0.1,10.0.6),[11.0.1,11.0.6)",
          "affected_versions": "All versions starting from 9.4.37 before 9.4.43, all versions starting from 10.0.1 before 10.0.6, all versions starting from 11.0.1 before 11.0.6",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-10-27",
          "description": "For Eclipse Jetty, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164.",
          "fixed_versions": [
            "9.4.43",
            "10.0.6",
            "11.0.6"
          ],
          "identifier": "CVE-2021-34429",
          "identifiers": [
            "CVE-2021-34429",
            "GHSA-vjv5-gp2w-65vm"
          ],
          "not_impacted": "All versions before 9.4.37, all versions starting from 9.4.43 before 10.0.1, all versions starting from 10.0.6 before 11.0.1, all versions starting from 11.0.6",
          "package_slug": "maven/org.eclipse.jetty/jetty-webapp",
          "pubdate": "2021-07-15",
          "solution": "Upgrade to versions 9.4.43, 10.0.6, 11.0.6 or above.",
          "title": "Information Exposure",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-34429"
          ],
          "uuid": "e638e03f-4845-49ea-81c5-5873d1ff6805"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.0.6",
                "versionStartIncluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.6",
                "versionStartIncluding": "10.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.4.43",
                "versionStartIncluding": "9.4.37",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.70.1",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.0.2",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "22.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.1.0.0.6.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2021-34429"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
            },
            {
              "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210819-0006/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
            },
            {
              "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-10-27T12:25Z",
      "publishedDate": "2021-07-15T17:15Z"
    }
  }
}

OPENSUSE-SU-2021:2838-1

Vulnerability from csaf_opensuse - Published: 2021-08-25 10:34 - Updated: 2021-08-25 10:34

Summary

Security update for jetty-minimal

Severity

Moderate

Notes

Title of the patch: Security update for jetty-minimal

Description of the patch: This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438)

Patchnames: openSUSE-SLE-15.3-2021-2838

CVE-2021-34429

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:jetty-annotations-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-client-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-continuation-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-http-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-io-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-jaas-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-jmx-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-jndi-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-jsp-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-openid-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-plus-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-proxy-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-security-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-server-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-servlet-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-util-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-util-ajax-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-webapp-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-websocket-api-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-websocket-client-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-websocket-common-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-websocket-server-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-websocket-servlet-9.4.43-3.12.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:jetty-xml-9.4.43-3.12.2.noarch	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1188438	self
https://www.suse.com/security/cve/CVE-2021-34429/	self
https://www.suse.com/security/cve/CVE-2021-34429	external
https://bugzilla.suse.com/1188438	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for jetty-minimal",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for jetty-minimal fixes the following issues:\n\n- Update to version 9.4.43.v20210629\n- CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-SLE-15.3-2021-2838",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2838-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:2838-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3BXMLXWW5ACU3IDNEEUVRZ3WYWHNGPZM/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:2838-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3BXMLXWW5ACU3IDNEEUVRZ3WYWHNGPZM/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188438",
        "url": "https://bugzilla.suse.com/1188438"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-34429 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-34429/"
      }
    ],
    "title": "Security update for jetty-minimal",
    "tracking": {
      "current_release_date": "2021-08-25T10:34:18Z",
      "generator": {
        "date": "2021-08-25T10:34:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:2838-1",
      "initial_release_date": "2021-08-25T10:34:18Z",
      "revision_history": [
        {
          "date": "2021-08-25T10:34:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jetty-annotations-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-annotations-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-annotations-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-client-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-client-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-client-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-continuation-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-continuation-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-continuation-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-http-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-http-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-io-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-io-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-io-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jaas-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-jaas-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-jaas-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jmx-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-jmx-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-jmx-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jndi-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-jndi-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-jndi-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jsp-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-jsp-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-jsp-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-minimal-javadoc-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-minimal-javadoc-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-minimal-javadoc-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-openid-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-openid-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-openid-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-plus-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-plus-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-plus-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-proxy-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-proxy-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-proxy-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-security-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-security-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-security-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-server-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-server-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-server-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlet-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-servlet-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-servlet-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-util-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-util-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-ajax-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-util-ajax-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-util-ajax-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-webapp-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-webapp-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-webapp-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-websocket-api-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-websocket-api-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-websocket-api-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-websocket-client-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-websocket-client-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-websocket-client-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-websocket-common-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-websocket-common-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-websocket-common-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-websocket-javadoc-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-websocket-javadoc-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-websocket-javadoc-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-websocket-server-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-websocket-server-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-websocket-server-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-websocket-servlet-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-websocket-servlet-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-websocket-servlet-9.4.43-3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-xml-9.4.43-3.12.2.noarch",
                "product": {
                  "name": "jetty-xml-9.4.43-3.12.2.noarch",
                  "product_id": "jetty-xml-9.4.43-3.12.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-annotations-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-annotations-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-client-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-client-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-continuation-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-continuation-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-http-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-http-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-io-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-io-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-jaas-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-jaas-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-jmx-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-jmx-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-jndi-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-jndi-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-jsp-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-jsp-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-openid-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-openid-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-plus-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-plus-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-proxy-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-proxy-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-security-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-security-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-server-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-server-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-servlet-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-servlet-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-util-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-util-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-util-ajax-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-util-ajax-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-webapp-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-webapp-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-websocket-api-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-websocket-api-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-websocket-api-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-websocket-client-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-websocket-client-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-websocket-client-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-websocket-common-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-websocket-common-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-websocket-common-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-websocket-javadoc-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-websocket-javadoc-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-websocket-server-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-websocket-server-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-websocket-server-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-websocket-servlet-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-websocket-servlet-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-websocket-servlet-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.43-3.12.2.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:jetty-xml-9.4.43-3.12.2.noarch"
        },
        "product_reference": "jetty-xml-9.4.43-3.12.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-34429",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-34429"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:jetty-annotations-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-client-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-continuation-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-http-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-io-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-jaas-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-jmx-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-jndi-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-jsp-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-openid-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-plus-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-proxy-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-security-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-server-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-servlet-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-util-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-util-ajax-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-webapp-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-websocket-api-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-websocket-client-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-websocket-common-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-websocket-server-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-websocket-servlet-9.4.43-3.12.2.noarch",
          "openSUSE Leap 15.3:jetty-xml-9.4.43-3.12.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-34429",
          "url": "https://www.suse.com/security/cve/CVE-2021-34429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188438 for CVE-2021-34429",
          "url": "https://bugzilla.suse.com/1188438"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:jetty-annotations-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-client-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-continuation-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-http-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-io-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jaas-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jmx-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jndi-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jsp-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-openid-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-plus-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-proxy-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-security-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-server-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-servlet-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-util-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-util-ajax-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-webapp-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-api-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-client-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-common-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-server-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-servlet-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-xml-9.4.43-3.12.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:jetty-annotations-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-client-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-continuation-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-http-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-io-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jaas-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jmx-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jndi-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-jsp-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-openid-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-plus-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-proxy-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-security-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-server-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-servlet-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-util-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-util-ajax-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-webapp-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-api-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-client-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-common-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-server-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-websocket-servlet-9.4.43-3.12.2.noarch",
            "openSUSE Leap 15.3:jetty-xml-9.4.43-3.12.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-08-25T10:34:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-34429"
    }
  ]
}

OPENSUSE-SU-2024:10878-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

jetty-annotations-9.4.43-1.2 on GA media

Severity

Moderate

Notes

Title of the patch: jetty-annotations-9.4.43-1.2 on GA media

Description of the patch: These are all security issues fixed in the jetty-annotations-9.4.43-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10878

CVE-2020-27218

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-27223

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-28163

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-28164

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-28165

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-28169

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-34429

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 116 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

24 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2020-27218/	self
https://www.suse.com/security/cve/CVE-2020-27223/	self
https://www.suse.com/security/cve/CVE-2021-28163/	self
https://www.suse.com/security/cve/CVE-2021-28164/	self
https://www.suse.com/security/cve/CVE-2021-28165/	self
https://www.suse.com/security/cve/CVE-2021-28169/	self
https://www.suse.com/security/cve/CVE-2021-34429/	self
https://www.suse.com/security/cve/CVE-2020-27218	external
https://bugzilla.suse.com/1179727	external
https://www.suse.com/security/cve/CVE-2020-27223	external
https://bugzilla.suse.com/1182898	external
https://www.suse.com/security/cve/CVE-2021-28163	external
https://bugzilla.suse.com/1184366	external
https://www.suse.com/security/cve/CVE-2021-28164	external
https://bugzilla.suse.com/1184368	external
https://bugzilla.suse.com/1188438	external
https://www.suse.com/security/cve/CVE-2021-28165	external
https://bugzilla.suse.com/1184367	external
https://www.suse.com/security/cve/CVE-2021-28169	external
https://bugzilla.suse.com/1187117	external
https://www.suse.com/security/cve/CVE-2021-34429	external
https://bugzilla.suse.com/1188438	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "jetty-annotations-9.4.43-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the jetty-annotations-9.4.43-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10878",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10878-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27218 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27218/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27223 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27223/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28163 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28163/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28164 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28164/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28165 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28165/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28169 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28169/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-34429 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-34429/"
      }
    ],
    "title": "jetty-annotations-9.4.43-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10878-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jetty-annotations-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-annotations-9.4.43-1.2.aarch64",
                  "product_id": "jetty-annotations-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-ant-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-ant-9.4.43-1.2.aarch64",
                  "product_id": "jetty-ant-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-cdi-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-cdi-9.4.43-1.2.aarch64",
                  "product_id": "jetty-cdi-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-client-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-client-9.4.43-1.2.aarch64",
                  "product_id": "jetty-client-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-continuation-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-continuation-9.4.43-1.2.aarch64",
                  "product_id": "jetty-continuation-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-deploy-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-deploy-9.4.43-1.2.aarch64",
                  "product_id": "jetty-deploy-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-fcgi-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-fcgi-9.4.43-1.2.aarch64",
                  "product_id": "jetty-fcgi-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-http-9.4.43-1.2.aarch64",
                  "product_id": "jetty-http-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-spi-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-http-spi-9.4.43-1.2.aarch64",
                  "product_id": "jetty-http-spi-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-io-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-io-9.4.43-1.2.aarch64",
                  "product_id": "jetty-io-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jaas-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-jaas-9.4.43-1.2.aarch64",
                  "product_id": "jetty-jaas-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jmx-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-jmx-9.4.43-1.2.aarch64",
                  "product_id": "jetty-jmx-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jndi-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-jndi-9.4.43-1.2.aarch64",
                  "product_id": "jetty-jndi-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jsp-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-jsp-9.4.43-1.2.aarch64",
                  "product_id": "jetty-jsp-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-minimal-javadoc-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-minimal-javadoc-9.4.43-1.2.aarch64",
                  "product_id": "jetty-minimal-javadoc-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-openid-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-openid-9.4.43-1.2.aarch64",
                  "product_id": "jetty-openid-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-plus-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-plus-9.4.43-1.2.aarch64",
                  "product_id": "jetty-plus-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-proxy-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-proxy-9.4.43-1.2.aarch64",
                  "product_id": "jetty-proxy-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-quickstart-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-quickstart-9.4.43-1.2.aarch64",
                  "product_id": "jetty-quickstart-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-rewrite-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-rewrite-9.4.43-1.2.aarch64",
                  "product_id": "jetty-rewrite-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-security-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-security-9.4.43-1.2.aarch64",
                  "product_id": "jetty-security-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-server-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-server-9.4.43-1.2.aarch64",
                  "product_id": "jetty-server-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlet-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-servlet-9.4.43-1.2.aarch64",
                  "product_id": "jetty-servlet-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlets-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-servlets-9.4.43-1.2.aarch64",
                  "product_id": "jetty-servlets-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-start-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-start-9.4.43-1.2.aarch64",
                  "product_id": "jetty-start-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-util-9.4.43-1.2.aarch64",
                  "product_id": "jetty-util-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-ajax-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-util-ajax-9.4.43-1.2.aarch64",
                  "product_id": "jetty-util-ajax-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-webapp-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-webapp-9.4.43-1.2.aarch64",
                  "product_id": "jetty-webapp-9.4.43-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-xml-9.4.43-1.2.aarch64",
                "product": {
                  "name": "jetty-xml-9.4.43-1.2.aarch64",
                  "product_id": "jetty-xml-9.4.43-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jetty-annotations-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-annotations-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-annotations-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-ant-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-ant-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-ant-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-cdi-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-cdi-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-cdi-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-client-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-client-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-client-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-continuation-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-continuation-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-continuation-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-deploy-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-deploy-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-deploy-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-fcgi-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-fcgi-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-fcgi-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-http-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-http-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-spi-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-http-spi-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-http-spi-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-io-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-io-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-io-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jaas-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-jaas-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-jaas-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jmx-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-jmx-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-jmx-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jndi-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-jndi-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-jndi-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jsp-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-jsp-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-jsp-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-openid-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-openid-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-openid-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-plus-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-plus-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-plus-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-proxy-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-proxy-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-proxy-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-quickstart-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-quickstart-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-quickstart-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-rewrite-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-rewrite-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-rewrite-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-security-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-security-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-security-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-server-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-server-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-server-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlet-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-servlet-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-servlet-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlets-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-servlets-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-servlets-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-start-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-start-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-start-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-util-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-util-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-ajax-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-util-ajax-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-util-ajax-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-webapp-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-webapp-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-webapp-9.4.43-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-xml-9.4.43-1.2.ppc64le",
                "product": {
                  "name": "jetty-xml-9.4.43-1.2.ppc64le",
                  "product_id": "jetty-xml-9.4.43-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jetty-annotations-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-annotations-9.4.43-1.2.s390x",
                  "product_id": "jetty-annotations-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-ant-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-ant-9.4.43-1.2.s390x",
                  "product_id": "jetty-ant-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-cdi-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-cdi-9.4.43-1.2.s390x",
                  "product_id": "jetty-cdi-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-client-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-client-9.4.43-1.2.s390x",
                  "product_id": "jetty-client-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-continuation-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-continuation-9.4.43-1.2.s390x",
                  "product_id": "jetty-continuation-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-deploy-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-deploy-9.4.43-1.2.s390x",
                  "product_id": "jetty-deploy-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-fcgi-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-fcgi-9.4.43-1.2.s390x",
                  "product_id": "jetty-fcgi-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-http-9.4.43-1.2.s390x",
                  "product_id": "jetty-http-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-spi-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-http-spi-9.4.43-1.2.s390x",
                  "product_id": "jetty-http-spi-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-io-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-io-9.4.43-1.2.s390x",
                  "product_id": "jetty-io-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jaas-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-jaas-9.4.43-1.2.s390x",
                  "product_id": "jetty-jaas-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jmx-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-jmx-9.4.43-1.2.s390x",
                  "product_id": "jetty-jmx-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jndi-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-jndi-9.4.43-1.2.s390x",
                  "product_id": "jetty-jndi-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jsp-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-jsp-9.4.43-1.2.s390x",
                  "product_id": "jetty-jsp-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-minimal-javadoc-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-minimal-javadoc-9.4.43-1.2.s390x",
                  "product_id": "jetty-minimal-javadoc-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-openid-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-openid-9.4.43-1.2.s390x",
                  "product_id": "jetty-openid-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-plus-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-plus-9.4.43-1.2.s390x",
                  "product_id": "jetty-plus-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-proxy-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-proxy-9.4.43-1.2.s390x",
                  "product_id": "jetty-proxy-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-quickstart-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-quickstart-9.4.43-1.2.s390x",
                  "product_id": "jetty-quickstart-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-rewrite-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-rewrite-9.4.43-1.2.s390x",
                  "product_id": "jetty-rewrite-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-security-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-security-9.4.43-1.2.s390x",
                  "product_id": "jetty-security-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-server-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-server-9.4.43-1.2.s390x",
                  "product_id": "jetty-server-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlet-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-servlet-9.4.43-1.2.s390x",
                  "product_id": "jetty-servlet-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlets-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-servlets-9.4.43-1.2.s390x",
                  "product_id": "jetty-servlets-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-start-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-start-9.4.43-1.2.s390x",
                  "product_id": "jetty-start-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-util-9.4.43-1.2.s390x",
                  "product_id": "jetty-util-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-ajax-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-util-ajax-9.4.43-1.2.s390x",
                  "product_id": "jetty-util-ajax-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-webapp-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-webapp-9.4.43-1.2.s390x",
                  "product_id": "jetty-webapp-9.4.43-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-xml-9.4.43-1.2.s390x",
                "product": {
                  "name": "jetty-xml-9.4.43-1.2.s390x",
                  "product_id": "jetty-xml-9.4.43-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jetty-annotations-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-annotations-9.4.43-1.2.x86_64",
                  "product_id": "jetty-annotations-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-ant-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-ant-9.4.43-1.2.x86_64",
                  "product_id": "jetty-ant-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-cdi-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-cdi-9.4.43-1.2.x86_64",
                  "product_id": "jetty-cdi-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-client-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-client-9.4.43-1.2.x86_64",
                  "product_id": "jetty-client-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-continuation-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-continuation-9.4.43-1.2.x86_64",
                  "product_id": "jetty-continuation-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-deploy-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-deploy-9.4.43-1.2.x86_64",
                  "product_id": "jetty-deploy-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-fcgi-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-fcgi-9.4.43-1.2.x86_64",
                  "product_id": "jetty-fcgi-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-http-9.4.43-1.2.x86_64",
                  "product_id": "jetty-http-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-http-spi-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-http-spi-9.4.43-1.2.x86_64",
                  "product_id": "jetty-http-spi-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-io-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-io-9.4.43-1.2.x86_64",
                  "product_id": "jetty-io-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jaas-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-jaas-9.4.43-1.2.x86_64",
                  "product_id": "jetty-jaas-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jmx-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-jmx-9.4.43-1.2.x86_64",
                  "product_id": "jetty-jmx-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jndi-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-jndi-9.4.43-1.2.x86_64",
                  "product_id": "jetty-jndi-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-jsp-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-jsp-9.4.43-1.2.x86_64",
                  "product_id": "jetty-jsp-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-minimal-javadoc-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-minimal-javadoc-9.4.43-1.2.x86_64",
                  "product_id": "jetty-minimal-javadoc-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-openid-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-openid-9.4.43-1.2.x86_64",
                  "product_id": "jetty-openid-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-plus-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-plus-9.4.43-1.2.x86_64",
                  "product_id": "jetty-plus-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-proxy-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-proxy-9.4.43-1.2.x86_64",
                  "product_id": "jetty-proxy-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-quickstart-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-quickstart-9.4.43-1.2.x86_64",
                  "product_id": "jetty-quickstart-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-rewrite-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-rewrite-9.4.43-1.2.x86_64",
                  "product_id": "jetty-rewrite-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-security-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-security-9.4.43-1.2.x86_64",
                  "product_id": "jetty-security-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-server-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-server-9.4.43-1.2.x86_64",
                  "product_id": "jetty-server-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlet-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-servlet-9.4.43-1.2.x86_64",
                  "product_id": "jetty-servlet-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-servlets-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-servlets-9.4.43-1.2.x86_64",
                  "product_id": "jetty-servlets-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-start-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-start-9.4.43-1.2.x86_64",
                  "product_id": "jetty-start-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-util-9.4.43-1.2.x86_64",
                  "product_id": "jetty-util-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-util-ajax-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-util-ajax-9.4.43-1.2.x86_64",
                  "product_id": "jetty-util-ajax-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-webapp-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-webapp-9.4.43-1.2.x86_64",
                  "product_id": "jetty-webapp-9.4.43-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jetty-xml-9.4.43-1.2.x86_64",
                "product": {
                  "name": "jetty-xml-9.4.43-1.2.x86_64",
                  "product_id": "jetty-xml-9.4.43-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-annotations-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-annotations-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-annotations-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-annotations-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-annotations-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-ant-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-ant-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-ant-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-ant-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-ant-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-ant-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-ant-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-ant-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-cdi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-cdi-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-cdi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-cdi-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-cdi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-cdi-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-cdi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-cdi-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-client-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-client-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-client-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-client-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-client-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-continuation-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-continuation-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-continuation-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-continuation-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-continuation-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-deploy-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-deploy-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-deploy-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-deploy-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-deploy-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-deploy-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-deploy-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-deploy-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-fcgi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-fcgi-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-fcgi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-fcgi-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-fcgi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-fcgi-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-fcgi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-fcgi-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-http-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-http-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-http-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-http-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-spi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-http-spi-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-spi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-http-spi-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-spi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-http-spi-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-http-spi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-http-spi-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-io-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-io-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-io-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-io-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-io-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-jaas-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-jaas-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-jaas-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jaas-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-jaas-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-jmx-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-jmx-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-jmx-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jmx-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-jmx-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-jndi-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-jndi-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-jndi-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jndi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-jndi-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-jsp-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-jsp-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-jsp-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-jsp-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-jsp-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-minimal-javadoc-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-minimal-javadoc-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-openid-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-openid-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-openid-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-openid-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-openid-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-plus-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-plus-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-plus-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-plus-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-plus-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-proxy-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-proxy-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-proxy-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-proxy-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-proxy-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-quickstart-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-quickstart-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-quickstart-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-quickstart-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-quickstart-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-quickstart-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-quickstart-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-quickstart-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-rewrite-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-rewrite-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-rewrite-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-rewrite-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-rewrite-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-rewrite-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-rewrite-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-rewrite-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-security-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-security-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-security-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-security-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-security-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-server-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-server-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-server-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-server-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-server-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-servlet-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-servlet-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-servlet-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlet-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-servlet-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlets-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-servlets-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlets-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-servlets-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlets-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-servlets-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-servlets-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-servlets-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-start-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-start-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-start-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-start-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-start-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-start-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-start-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-start-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-util-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-util-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-util-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-util-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-util-ajax-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-util-ajax-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-util-ajax-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-util-ajax-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-util-ajax-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-webapp-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-webapp-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-webapp-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-webapp-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-webapp-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64"
        },
        "product_reference": "jetty-xml-9.4.43-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le"
        },
        "product_reference": "jetty-xml-9.4.43-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x"
        },
        "product_reference": "jetty-xml-9.4.43-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jetty-xml-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        },
        "product_reference": "jetty-xml-9.4.43-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-27218",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27218"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27218",
          "url": "https://www.suse.com/security/cve/CVE-2020-27218"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179727 for CVE-2020-27218",
          "url": "https://bugzilla.suse.com/1179727"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27218"
    },
    {
      "cve": "CVE-2020-27223",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27223"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \"quality\" (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27223",
          "url": "https://www.suse.com/security/cve/CVE-2020-27223"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182898 for CVE-2020-27223",
          "url": "https://bugzilla.suse.com/1182898"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-27223"
    },
    {
      "cve": "CVE-2021-28163",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28163"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28163",
          "url": "https://www.suse.com/security/cve/CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184366 for CVE-2021-28163",
          "url": "https://bugzilla.suse.com/1184366"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-28163"
    },
    {
      "cve": "CVE-2021-28164",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28164"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28164",
          "url": "https://www.suse.com/security/cve/CVE-2021-28164"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184368 for CVE-2021-28164",
          "url": "https://bugzilla.suse.com/1184368"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188438 for CVE-2021-28164",
          "url": "https://bugzilla.suse.com/1188438"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-28164"
    },
    {
      "cve": "CVE-2021-28165",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28165"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28165",
          "url": "https://www.suse.com/security/cve/CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184367 for CVE-2021-28165",
          "url": "https://bugzilla.suse.com/1184367"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-28165"
    },
    {
      "cve": "CVE-2021-28169",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28169"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28169",
          "url": "https://www.suse.com/security/cve/CVE-2021-28169"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1187117 for CVE-2021-28169",
          "url": "https://bugzilla.suse.com/1187117"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-28169"
    },
    {
      "cve": "CVE-2021-34429",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-34429"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
          "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-34429",
          "url": "https://www.suse.com/security/cve/CVE-2021-34429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188438 for CVE-2021-34429",
          "url": "https://bugzilla.suse.com/1188438"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
            "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-34429"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-34429 (GCVE-0-2021-34429)

Solution

Solution

Solution

Solution

Description

Impact

Workarounds

Analysis

Tags

Sightings

Nomenclature