Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-13009 (GCVE-0-2024-13009)
Vulnerability from cvelistv5
Published
2025-05-08 17:29
Modified
2025-05-08 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Improper Resource Shutdown or Release
Summary
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request
body. This can result in corrupted and/or inadvertent sharing of data between requests.
References
| ► | URL | Tags | |
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Jetty |
Version: 9.4.0 ≤ 9.4.56 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:32.278977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:39.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jetty",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "9.4.56",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
}
],
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T17:29:31.380Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
},
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Eclipse Jetty GZIP buffer release",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-13009",
"datePublished": "2025-05-08T17:29:31.380Z",
"dateReserved": "2024-12-28T09:11:12.587Z",
"dateUpdated": "2025-05-08T18:56:39.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-13009\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-05-08T18:15:41.640\",\"lastModified\":\"2025-07-31T16:31:12.697\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[{\"sourceIdentifier\":\"emo@eclipse.org\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\"},{\"lang\":\"es\",\"value\":\"En las versiones 9.4.0 a 9.4.56 de Eclipse Jetty, un b\u00fafer puede liberarse incorrectamente al detectar un error de gzip al inflar el cuerpo de una solicitud. Esto puede provocar que se compartan datos corruptos o inadvertidos entre solicitudes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.57\",\"matchCriteriaId\":\"5E84B2A3-9032-487F-96D2-6E7F94D761B1\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/48\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-13009\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T18:55:32.278977Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T18:55:42.205Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"Eclipse Jetty GZIP buffer release\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Eclipse Foundation\", \"product\": \"Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.56\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/48\"}, {\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"CWE-404 Improper Resource Shutdown or Release\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-05-08T17:29:31.380Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-13009\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T18:56:39.446Z\", \"dateReserved\": \"2024-12-28T09:11:12.587Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-05-08T17:29:31.380Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2024-13009
Vulnerability from fkie_nvd
Published
2025-05-08 18:15
Modified
2025-07-31 16:31
Severity ?
Summary
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request
body. This can result in corrupted and/or inadvertent sharing of data between requests.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E84B2A3-9032-487F-96D2-6E7F94D761B1",
"versionEndExcluding": "9.4.57",
"versionStartIncluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "emo@eclipse.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
},
{
"lang": "es",
"value": "En las versiones 9.4.0 a 9.4.56 de Eclipse Jetty, un b\u00fafer puede liberarse incorrectamente al detectar un error de gzip al inflar el cuerpo de una solicitud. Esto puede provocar que se compartan datos corruptos o inadvertidos entre solicitudes."
}
],
"id": "CVE-2024-13009",
"lastModified": "2025-07-31T16:31:12.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2025-05-08T18:15:41.640",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
}
opensuse-su-2025:15160-1
Vulnerability from csaf_opensuse
Published
2025-05-26 00:00
Modified
2025-05-26 00:00
Summary
jetty-annotations-9.4.57-1.1 on GA media
Notes
Title of the patch
jetty-annotations-9.4.57-1.1 on GA media
Description of the patch
These are all security issues fixed in the jetty-annotations-9.4.57-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15160
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.57-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.57-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15160",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15160-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15160-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15160-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6763/"
}
],
"title": "jetty-annotations-9.4.57-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-26T00:00:00Z",
"generator": {
"date": "2025-05-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15160-1",
"initial_release_date": "2025-05-26T00:00:00Z",
"revision_history": [
{
"date": "2025-05-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-annotations-9.4.57-1.1.aarch64",
"product_id": "jetty-annotations-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-ant-9.4.57-1.1.aarch64",
"product_id": "jetty-ant-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-cdi-9.4.57-1.1.aarch64",
"product_id": "jetty-cdi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-client-9.4.57-1.1.aarch64",
"product_id": "jetty-client-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-continuation-9.4.57-1.1.aarch64",
"product_id": "jetty-continuation-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-deploy-9.4.57-1.1.aarch64",
"product_id": "jetty-deploy-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.aarch64",
"product_id": "jetty-fcgi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-http-9.4.57-1.1.aarch64",
"product_id": "jetty-http-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.aarch64",
"product_id": "jetty-http-spi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-io-9.4.57-1.1.aarch64",
"product_id": "jetty-io-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jaas-9.4.57-1.1.aarch64",
"product_id": "jetty-jaas-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jmx-9.4.57-1.1.aarch64",
"product_id": "jetty-jmx-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jndi-9.4.57-1.1.aarch64",
"product_id": "jetty-jndi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jsp-9.4.57-1.1.aarch64",
"product_id": "jetty-jsp-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-openid-9.4.57-1.1.aarch64",
"product_id": "jetty-openid-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-plus-9.4.57-1.1.aarch64",
"product_id": "jetty-plus-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-project-9.4.57-1.1.aarch64",
"product_id": "jetty-project-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-proxy-9.4.57-1.1.aarch64",
"product_id": "jetty-proxy-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.aarch64",
"product_id": "jetty-quickstart-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.aarch64",
"product_id": "jetty-rewrite-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-security-9.4.57-1.1.aarch64",
"product_id": "jetty-security-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-server-9.4.57-1.1.aarch64",
"product_id": "jetty-server-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-servlet-9.4.57-1.1.aarch64",
"product_id": "jetty-servlet-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-servlets-9.4.57-1.1.aarch64",
"product_id": "jetty-servlets-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-start-9.4.57-1.1.aarch64",
"product_id": "jetty-start-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-util-9.4.57-1.1.aarch64",
"product_id": "jetty-util-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.aarch64",
"product_id": "jetty-util-ajax-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-webapp-9.4.57-1.1.aarch64",
"product_id": "jetty-webapp-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-xml-9.4.57-1.1.aarch64",
"product_id": "jetty-xml-9.4.57-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-annotations-9.4.57-1.1.ppc64le",
"product_id": "jetty-annotations-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-ant-9.4.57-1.1.ppc64le",
"product_id": "jetty-ant-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-cdi-9.4.57-1.1.ppc64le",
"product_id": "jetty-cdi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-client-9.4.57-1.1.ppc64le",
"product_id": "jetty-client-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-continuation-9.4.57-1.1.ppc64le",
"product_id": "jetty-continuation-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-deploy-9.4.57-1.1.ppc64le",
"product_id": "jetty-deploy-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.ppc64le",
"product_id": "jetty-fcgi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-http-9.4.57-1.1.ppc64le",
"product_id": "jetty-http-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.ppc64le",
"product_id": "jetty-http-spi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-io-9.4.57-1.1.ppc64le",
"product_id": "jetty-io-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jaas-9.4.57-1.1.ppc64le",
"product_id": "jetty-jaas-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jmx-9.4.57-1.1.ppc64le",
"product_id": "jetty-jmx-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jndi-9.4.57-1.1.ppc64le",
"product_id": "jetty-jndi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jsp-9.4.57-1.1.ppc64le",
"product_id": "jetty-jsp-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-openid-9.4.57-1.1.ppc64le",
"product_id": "jetty-openid-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-plus-9.4.57-1.1.ppc64le",
"product_id": "jetty-plus-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-project-9.4.57-1.1.ppc64le",
"product_id": "jetty-project-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-proxy-9.4.57-1.1.ppc64le",
"product_id": "jetty-proxy-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.ppc64le",
"product_id": "jetty-quickstart-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.ppc64le",
"product_id": "jetty-rewrite-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-security-9.4.57-1.1.ppc64le",
"product_id": "jetty-security-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-server-9.4.57-1.1.ppc64le",
"product_id": "jetty-server-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-servlet-9.4.57-1.1.ppc64le",
"product_id": "jetty-servlet-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-servlets-9.4.57-1.1.ppc64le",
"product_id": "jetty-servlets-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-start-9.4.57-1.1.ppc64le",
"product_id": "jetty-start-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-util-9.4.57-1.1.ppc64le",
"product_id": "jetty-util-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.ppc64le",
"product_id": "jetty-util-ajax-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-webapp-9.4.57-1.1.ppc64le",
"product_id": "jetty-webapp-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-xml-9.4.57-1.1.ppc64le",
"product_id": "jetty-xml-9.4.57-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.s390x",
"product": {
"name": "jetty-annotations-9.4.57-1.1.s390x",
"product_id": "jetty-annotations-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.s390x",
"product": {
"name": "jetty-ant-9.4.57-1.1.s390x",
"product_id": "jetty-ant-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-cdi-9.4.57-1.1.s390x",
"product_id": "jetty-cdi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.s390x",
"product": {
"name": "jetty-client-9.4.57-1.1.s390x",
"product_id": "jetty-client-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.s390x",
"product": {
"name": "jetty-continuation-9.4.57-1.1.s390x",
"product_id": "jetty-continuation-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.s390x",
"product": {
"name": "jetty-deploy-9.4.57-1.1.s390x",
"product_id": "jetty-deploy-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.s390x",
"product_id": "jetty-fcgi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.s390x",
"product": {
"name": "jetty-http-9.4.57-1.1.s390x",
"product_id": "jetty-http-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.s390x",
"product_id": "jetty-http-spi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.s390x",
"product": {
"name": "jetty-io-9.4.57-1.1.s390x",
"product_id": "jetty-io-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jaas-9.4.57-1.1.s390x",
"product_id": "jetty-jaas-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jmx-9.4.57-1.1.s390x",
"product_id": "jetty-jmx-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jndi-9.4.57-1.1.s390x",
"product_id": "jetty-jndi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jsp-9.4.57-1.1.s390x",
"product_id": "jetty-jsp-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.s390x",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.s390x",
"product": {
"name": "jetty-openid-9.4.57-1.1.s390x",
"product_id": "jetty-openid-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.s390x",
"product": {
"name": "jetty-plus-9.4.57-1.1.s390x",
"product_id": "jetty-plus-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.s390x",
"product": {
"name": "jetty-project-9.4.57-1.1.s390x",
"product_id": "jetty-project-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.s390x",
"product": {
"name": "jetty-proxy-9.4.57-1.1.s390x",
"product_id": "jetty-proxy-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.s390x",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.s390x",
"product_id": "jetty-quickstart-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.s390x",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.s390x",
"product_id": "jetty-rewrite-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.s390x",
"product": {
"name": "jetty-security-9.4.57-1.1.s390x",
"product_id": "jetty-security-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.s390x",
"product": {
"name": "jetty-server-9.4.57-1.1.s390x",
"product_id": "jetty-server-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.s390x",
"product": {
"name": "jetty-servlet-9.4.57-1.1.s390x",
"product_id": "jetty-servlet-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.s390x",
"product": {
"name": "jetty-servlets-9.4.57-1.1.s390x",
"product_id": "jetty-servlets-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.s390x",
"product": {
"name": "jetty-start-9.4.57-1.1.s390x",
"product_id": "jetty-start-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.s390x",
"product": {
"name": "jetty-util-9.4.57-1.1.s390x",
"product_id": "jetty-util-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.s390x",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.s390x",
"product_id": "jetty-util-ajax-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.s390x",
"product": {
"name": "jetty-webapp-9.4.57-1.1.s390x",
"product_id": "jetty-webapp-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.s390x",
"product": {
"name": "jetty-xml-9.4.57-1.1.s390x",
"product_id": "jetty-xml-9.4.57-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-annotations-9.4.57-1.1.x86_64",
"product_id": "jetty-annotations-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-ant-9.4.57-1.1.x86_64",
"product_id": "jetty-ant-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-cdi-9.4.57-1.1.x86_64",
"product_id": "jetty-cdi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-client-9.4.57-1.1.x86_64",
"product_id": "jetty-client-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-continuation-9.4.57-1.1.x86_64",
"product_id": "jetty-continuation-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-deploy-9.4.57-1.1.x86_64",
"product_id": "jetty-deploy-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.x86_64",
"product_id": "jetty-fcgi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-http-9.4.57-1.1.x86_64",
"product_id": "jetty-http-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.x86_64",
"product_id": "jetty-http-spi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-io-9.4.57-1.1.x86_64",
"product_id": "jetty-io-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jaas-9.4.57-1.1.x86_64",
"product_id": "jetty-jaas-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jmx-9.4.57-1.1.x86_64",
"product_id": "jetty-jmx-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jndi-9.4.57-1.1.x86_64",
"product_id": "jetty-jndi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jsp-9.4.57-1.1.x86_64",
"product_id": "jetty-jsp-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-openid-9.4.57-1.1.x86_64",
"product_id": "jetty-openid-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-plus-9.4.57-1.1.x86_64",
"product_id": "jetty-plus-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-project-9.4.57-1.1.x86_64",
"product_id": "jetty-project-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-proxy-9.4.57-1.1.x86_64",
"product_id": "jetty-proxy-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.x86_64",
"product_id": "jetty-quickstart-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.x86_64",
"product_id": "jetty-rewrite-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-security-9.4.57-1.1.x86_64",
"product_id": "jetty-security-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-server-9.4.57-1.1.x86_64",
"product_id": "jetty-server-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-servlet-9.4.57-1.1.x86_64",
"product_id": "jetty-servlet-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-servlets-9.4.57-1.1.x86_64",
"product_id": "jetty-servlets-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-start-9.4.57-1.1.x86_64",
"product_id": "jetty-start-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-util-9.4.57-1.1.x86_64",
"product_id": "jetty-util-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.x86_64",
"product_id": "jetty-util-ajax-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-webapp-9.4.57-1.1.x86_64",
"product_id": "jetty-webapp-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-xml-9.4.57-1.1.x86_64",
"product_id": "jetty-xml-9.4.57-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-annotations-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-annotations-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x"
},
"product_reference": "jetty-annotations-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-annotations-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-ant-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-ant-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x"
},
"product_reference": "jetty-ant-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-ant-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-cdi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-cdi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-cdi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-cdi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-client-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-client-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x"
},
"product_reference": "jetty-client-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-client-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-continuation-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-continuation-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x"
},
"product_reference": "jetty-continuation-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-continuation-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-deploy-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-deploy-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x"
},
"product_reference": "jetty-deploy-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-deploy-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-http-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-http-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x"
},
"product_reference": "jetty-http-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-http-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-io-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-io-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x"
},
"product_reference": "jetty-io-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-io-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jaas-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jaas-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jaas-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jaas-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jmx-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jmx-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jmx-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jmx-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jndi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jndi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jndi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jndi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jsp-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jsp-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jsp-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jsp-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-openid-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-openid-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x"
},
"product_reference": "jetty-openid-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-openid-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-plus-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-plus-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x"
},
"product_reference": "jetty-plus-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-plus-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-project-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-project-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x"
},
"product_reference": "jetty-project-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-project-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-proxy-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-proxy-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x"
},
"product_reference": "jetty-proxy-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-proxy-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-security-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-security-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x"
},
"product_reference": "jetty-security-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-security-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-server-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-server-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x"
},
"product_reference": "jetty-server-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-server-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-servlet-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-servlet-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x"
},
"product_reference": "jetty-servlet-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-servlet-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-servlets-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-servlets-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x"
},
"product_reference": "jetty-servlets-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-servlets-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-start-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-start-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x"
},
"product_reference": "jetty-start-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-start-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-util-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-util-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x"
},
"product_reference": "jetty-util-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-util-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-webapp-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-webapp-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x"
},
"product_reference": "jetty-webapp-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-webapp-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-xml-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-xml-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x"
},
"product_reference": "jetty-xml-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-xml-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13009"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13009",
"url": "https://www.suse.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "SUSE Bug 1243271 for CVE-2024-13009",
"url": "https://bugzilla.suse.com/1243271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-6763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6763"
}
],
"notes": [
{
"category": "general",
"text": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6763",
"url": "https://www.suse.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "SUSE Bug 1231652 for CVE-2024-6763",
"url": "https://bugzilla.suse.com/1231652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-6763"
}
]
}
wid-sec-w-2025-0987
Vulnerability from csaf_certbund
Published
2025-05-08 22:00
Modified
2025-08-06 22:00
Summary
Eclipse Jetty: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um Daten zu manipulieren oder einen Denial-of-Service auszulösen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um Daten zu manipulieren oder einen Denial-of-Service auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0987 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0987.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0987 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0987"
},
{
"category": "external",
"summary": "jetty-announce vom 2025-05-08",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00197.html"
},
{
"category": "external",
"summary": "jetty GitHub vom 2025-05-08",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "jetty-announce vom 2025-05-08",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00198.html"
},
{
"category": "external",
"summary": "jetty GitHub vom 2025-05-08",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7696 vom 2025-05-15",
"url": "https://access.redhat.com/errata/RHSA-2025:7696"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15160-1 vom 2025-05-27",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01738-1 vom 2025-05-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ULIFKC3HN46CWW5I3UU5DGUJKMLM6UC/"
},
{
"category": "external",
"summary": "PDFreactor 12.2 release notes vom 2025-06-17",
"url": "https://www.pdfreactor.com/pdfreactor-12-2-now-available/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9697 vom 2025-06-26",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9922 vom 2025-06-30",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10118 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10097 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10098 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10120 vom 2025-07-02",
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10092 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10104 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10119 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - July 15 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-july-15-2025-1590658642.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12511 vom 2025-08-03",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13274 vom 2025-08-06",
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
}
],
"source_lang": "en-US",
"title": "Eclipse Jetty: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-06T22:00:00.000+00:00",
"generator": {
"date": "2025-08-07T08:50:24.400+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0987",
"initial_release_date": "2025-05-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-01T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.3",
"product": {
"name": "Atlassian Bamboo \u003c11.0.3",
"product_id": "T045447"
}
},
{
"category": "product_version",
"name": "11.0.3",
"product": {
"name": "Atlassian Bamboo 11.0.3",
"product_id": "T045447-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:11.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c10.2.6 (LTS)",
"product_id": "T045448"
}
},
{
"category": "product_version",
"name": "10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo 10.2.6 (LTS)",
"product_id": "T045448-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.6_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.6.15 (LTS)",
"product_id": "T045449"
}
},
{
"category": "product_version",
"name": "9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.6.15 (LTS)",
"product_id": "T045449-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.15_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.57",
"product": {
"name": "Eclipse Jetty \u003c9.4.57",
"product_id": "T043523"
}
},
{
"category": "product_version",
"name": "9.4.57",
"product": {
"name": "Eclipse Jetty 9.4.57",
"product_id": "T043523-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.57"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.17",
"product": {
"name": "Eclipse Jetty \u003c12.0.17",
"product_id": "T043524"
}
},
{
"category": "product_version",
"name": "12.0.17",
"product": {
"name": "Eclipse Jetty 12.0.17",
"product_id": "T043524-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.0.17"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.2",
"product": {
"name": "RealObjects PDFreactor \u003c12.2",
"product_id": "T044675"
}
},
{
"category": "product_version",
"name": "12.2",
"product": {
"name": "RealObjects PDFreactor 12.2",
"product_id": "T044675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.2"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Camel for Spring Boot 1",
"product": {
"name": "Red Hat Integration Camel for Spring Boot 1",
"product_id": "T035240",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_for_spring_boot_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version",
"name": "Developer Tools and Services 4.14",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.14",
"product_id": "T031233",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.14"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.16",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.16",
"product_id": "T044977",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.16"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.17",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.17",
"product_id": "T044978",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.17"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.18",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.18",
"product_id": "T044979",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.18"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.15",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.15",
"product_id": "T044980",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.15"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.13",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.13",
"product_id": "T044981",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.13"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.12",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.12",
"product_id": "T044982",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.12"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T031233",
"67646",
"T035240",
"T044675",
"T045448",
"T043523",
"T045447",
"T002207",
"T044977",
"T045449",
"T044979",
"T044978",
"T027843",
"T044980",
"T044982",
"T044981"
]
},
"release_date": "2025-05-08T22:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-1948",
"product_status": {
"known_affected": [
"T031233",
"67646",
"T035240",
"T044675",
"T045448",
"T045447",
"T002207",
"T044977",
"T043524",
"T045449",
"T044979",
"T044978",
"T027843",
"T044980",
"T044982",
"T044981"
]
},
"release_date": "2025-05-08T22:00:00.000+00:00",
"title": "CVE-2025-1948"
}
]
}
ghsa-q4rv-gq96-w7c5
Vulnerability from github
Published
2025-05-08 19:28
Modified
2025-05-08 19:28
Severity ?
VLAI Severity ?
Summary
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
Details
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.4.56"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.4.0"
},
{
"fixed": "9.4.57.v20241219"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-13009"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-08T19:28:34Z",
"nvd_published_at": "2025-05-08T18:15:41Z",
"severity": "HIGH"
},
"details": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.",
"id": "GHSA-q4rv-gq96-w7c5",
"modified": "2025-05-08T19:28:34Z",
"published": "2025-05-08T19:28:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetty/jetty.project"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request"
}
suse-su-2025:01738-1
Vulnerability from csaf_suse
Published
2025-05-29 09:37
Modified
2025-05-29 09:37
Summary
Security update for jetty-minimal
Notes
Title of the patch
Security update for jetty-minimal
Description of the patch
This update for jetty-minimal fixes the following issues:
Upgrade to version 9.4.57.v20241219
- CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652)
- CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271)
Patchnames
SUSE-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP6-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP7-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1738,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1738,SUSE-Storage-7.1-2025-1738,openSUSE-SLE-15.6-2025-1738
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgrade to version 9.4.57.v20241219\n\n- CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652)\n- CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP6-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP7-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1738,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1738,SUSE-Storage-7.1-2025-1738,openSUSE-SLE-15.6-2025-1738",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01738-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01738-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501738-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01738-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039393.html"
},
{
"category": "self",
"summary": "SUSE Bug 1231652",
"url": "https://bugzilla.suse.com/1231652"
},
{
"category": "self",
"summary": "SUSE Bug 1243271",
"url": "https://bugzilla.suse.com/1243271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6763/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-05-29T09:37:57Z",
"generator": {
"date": "2025-05-29T09:37:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01738-1",
"initial_release_date": "2025-05-29T09:37:57Z",
"revision_history": [
{
"date": "2025-05-29T09:37:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-annotations-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-annotations-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-ant-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-ant-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-cdi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-cdi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-client-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-client-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-continuation-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-deploy-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-deploy-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-fcgi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-http-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-http-spi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-io-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jaas-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jaas-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jmx-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jmx-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jndi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jndi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jsp-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jsp-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-openid-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-openid-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-plus-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-plus-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-project-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-project-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-proxy-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-proxy-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-quickstart-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-rewrite-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-security-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-server-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-servlet-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-servlets-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-servlets-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-start-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-start-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-util-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-webapp-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-webapp-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-api-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-client-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-common-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-server-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-xml-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-xml-9.4.57-150200.3.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-annotations-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-ant-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-cdi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-client-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-deploy-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jaas-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jmx-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jndi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jsp-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-openid-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-plus-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-proxy-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlets-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-start-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-webapp-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-xml-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13009"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13009",
"url": "https://www.suse.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "SUSE Bug 1243271 for CVE-2024-13009",
"url": "https://bugzilla.suse.com/1243271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T09:37:57Z",
"details": "important"
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-6763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6763"
}
],
"notes": [
{
"category": "general",
"text": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6763",
"url": "https://www.suse.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "SUSE Bug 1231652 for CVE-2024-6763",
"url": "https://bugzilla.suse.com/1231652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T09:37:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-6763"
}
]
}
rhsa-2025:9697
Vulnerability from csaf_redhat
Published
2025-06-25 19:47
Modified
2025-08-07 15:05
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.
Notes
Topic
Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734)
* postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default (CVE-2025-48734)\n\n* postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9697",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9697.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.",
"tracking": {
"current_release_date": "2025-08-07T15:05:27+00:00",
"generator": {
"date": "2025-08-07T15:05:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:9697",
"initial_release_date": "2025-06-25T19:47:43+00:00",
"revision_history": [
{
"date": "2025-06-25T19:47:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T19:47:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-07T15:05:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product": {
"name": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product_id": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
},
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
}
]
}
rhsa-2025:9922
Vulnerability from csaf_redhat
Published
2025-06-30 13:16
Modified
2025-08-06 21:02
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.9.1 release and security update
Notes
Topic
Streams for Apache Kafka 2.9.1 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat Streams for Apache Kafka 2.9.1serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] "(CVE-2023-1370)"
* Cruise Control, Bridge, Kafka: o.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Security[amq-st-2] "(CVE-2025-24970)"
* Cruise Control, Bridge, Kafka: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] "(CVE-2025-25193)"
* Cruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Security [amq-st-2] "(CVE-2024-56128)"
* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption Security[amq-st-2]"(CVE-2024-13009)"
* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] "(CVE-2024-31141)"
* Cruise Control, Oerator, Kafka: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] "(CVE-2024-6763)"
* Zookeeper: netty: Denial of Service attack on windows app using Netty
Security [amq-st-2] "(CVE-2024-47535)"
* Zookeeper, Kafka: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Security [amq-st-2] "(CVE-2025-48734)"
* Bridge: org.apache.kafka: Kafka Client Arbitrary File Read SSRF Security [amq-st-2]"(CVE-2025-27817)"
* Bridge, Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout Security "(CVE-2025-1634)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 2.9.1 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 2.9.1serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] \"(CVE-2023-1370)\"\n* Cruise Control, Bridge, Kafka: o.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine Security[amq-st-2] \"(CVE-2025-24970)\"\n* Cruise Control, Bridge, Kafka: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] \"(CVE-2025-25193)\"\n* Cruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Security [amq-st-2] \"(CVE-2024-56128)\"\n* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption Security[amq-st-2]\"(CVE-2024-13009)\"\n* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] \"(CVE-2024-31141)\"\n* Cruise Control, Oerator, Kafka: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] \"(CVE-2024-6763)\"\n* Zookeeper: netty: Denial of Service attack on windows app using Netty \n Security [amq-st-2] \"(CVE-2024-47535)\"\n* Zookeeper, Kafka: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default Security [amq-st-2] \"(CVE-2025-48734)\"\n* Bridge: org.apache.kafka: Kafka Client Arbitrary File Read SSRF Security [amq-st-2]\"(CVE-2025-27817)\"\n* Bridge, Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout Security \"(CVE-2025-1634)\"",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9922",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2371367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371367"
},
{
"category": "external",
"summary": "ENTMQST-6736",
"url": "https://issues.redhat.com/browse/ENTMQST-6736"
},
{
"category": "external",
"summary": "ENTMQST-6737",
"url": "https://issues.redhat.com/browse/ENTMQST-6737"
},
{
"category": "external",
"summary": "ENTMQST-6738",
"url": "https://issues.redhat.com/browse/ENTMQST-6738"
},
{
"category": "external",
"summary": "ENTMQST-6739",
"url": "https://issues.redhat.com/browse/ENTMQST-6739"
},
{
"category": "external",
"summary": "ENTMQST-6740",
"url": "https://issues.redhat.com/browse/ENTMQST-6740"
},
{
"category": "external",
"summary": "ENTMQST-6741",
"url": "https://issues.redhat.com/browse/ENTMQST-6741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9922.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 2.9.1 release and security update",
"tracking": {
"current_release_date": "2025-08-06T21:02:08+00:00",
"generator": {
"date": "2025-08-06T21:02:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:9922",
"initial_release_date": "2025-06-30T13:16:39+00:00",
"revision_history": [
{
"date": "2025-06-30T13:16:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-30T13:16:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-06T21:02:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 2.9.1",
"product": {
"name": "Streams for Apache Kafka 2.9.1",
"product_id": "Streams for Apache Kafka 2.9.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2.9::el9"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2024-10-14T16:00:54.963689+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For this attack to work, you would require the victim to have a vulnerable browser on top of that the URI being used after insufficient validation, all of which makes this a low-severity flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "RHBZ#2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/pull/12012",
"url": "https://github.com/jetty/jetty.project/pull/12012"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
}
],
"release_date": "2024-10-14T15:06:07.298000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2024-31141",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2024-11-19T09:00:35.857468+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2327264"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-269: Improper Privilege Management or CWE-552: Files or Directories Accessible to External Parties vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces strict Role-Based Access Control (RBAC), network segmentation, and pod security policies that significantly limit external access pathways. Access to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Additionally, process isolation ensures that processes running in one container or namespace cannot access files or directories belonging to another, even if file permissions are misconfigured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31141"
},
{
"category": "external",
"summary": "RHBZ#2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv",
"url": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv"
}
],
"release_date": "2024-11-19T08:40:50.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider"
},
{
"cve": "CVE-2024-47535",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-11-12T16:01:18.772613+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2325538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47535"
},
{
"category": "external",
"summary": "RHBZ#2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
}
],
"release_date": "2024-11-12T15:50:08.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2024-12-18T14:00:43.732728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka\u0027s implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka\u0027s SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked with an Important severity because it compromises a fundamental security requirement of the SCRAM protocol as specified in RFC 5802 \u2014the validation of nonces for ensuring message integrity and preventing replay attacks. Without proper nonce validation, an attacker with plaintext access to the SCRAM authentication exchange could manipulate or replay parts of the authentication process, potentially gaining unauthorized access or disrupting the integrity of authentication. While the use of plaintext communication for SCRAM is discouraged, many legacy systems or misconfigured deployments may still rely on it, making them directly susceptible.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56128"
},
{
"category": "external",
"summary": "RHBZ#2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802",
"url": "https://datatracker.ietf.org/doc/html/rfc5802"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802#section-9",
"url": "https://datatracker.ietf.org/doc/html/rfc5802#section-9"
},
{
"category": "external",
"summary": "https://kafka.apache.org/documentation/#security_sasl_scram_security",
"url": "https://kafka.apache.org/documentation/#security_sasl_scram_security"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw",
"url": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw"
}
],
"release_date": "2024-12-18T13:38:03.068000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption"
},
{
"cve": "CVE-2025-1634",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-02-24T14:17:31.237000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as and Important severity rather than Moderate because it allows an unauthenticated attacker to trigger a denial of service condition by repeatedly sending crafted HTTP requests with low timeouts. The issue leads to a memory leak that cannot be recovered without restarting the application, ultimately resulting in an OutOfMemoryError and complete service failure.\n\nIn a production environment, this vulnerability poses a significant risk to availability, especially for applications handling multiple concurrent requests. Since no mitigation exists, all applications using quarkus-resteasy are affected until patched. The ease of exploitation, lack of required privileges, and high impact on service uptime justify the high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1634"
},
{
"category": "external",
"summary": "RHBZ#2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634"
}
],
"release_date": "2025-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-02-10T23:00:54.794769+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects Windows environments, therefore, this would affect an environment when running a supported Red Hat JBoss EAP 7 or 8, for example, if running on Windows.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25193"
},
{
"category": "external",
"summary": "RHBZ#2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386",
"url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx",
"url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
}
],
"release_date": "2025-02-10T22:02:17.197000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-06-10T08:00:46.717358+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently, this can allow an attacker to read arbitrary files on the Kafka broker or initiate requests to internal or external resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.kafka: Kafka Client Arbitrary File Read SSRF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect any Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27817"
},
{
"category": "external",
"summary": "RHBZ#2371367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27817"
},
{
"category": "external",
"summary": "https://kafka.apache.org/cve-list",
"url": "https://kafka.apache.org/cve-list"
}
],
"release_date": "2025-06-10T07:55:14.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "To mitigate this flaw, explicitly set the allowed urls in SASL JAAS configuration using the system property \"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\".",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.kafka: Kafka Client Arbitrary File Read SSRF"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:12511
Vulnerability from csaf_redhat
Published
2025-08-01 17:42
Modified
2025-08-14 19:32
Summary
Red Hat Security Advisory: Streams for Apache Kafka 3.0.0 release and security update
Notes
Topic
Streams for Apache Kafka 3.0.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat Streams for Apache Kafka 3.0.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] "(CVE-2023-1370)"
* Cruise Control, Drain Cleaner: io.netty:netty-handler: SslHandler doesn't
correctly validate packets which can lead to native crash when using native
SSLEngine Security[amq-st-2] "(CVE-2025-24970)"
* Cruise Control, Drain Cleaner: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] "(CVE-2025-25193)"
Cruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay
attacks when used without encryption Security [amq-st-2] "(CVE-2024-56128)"
* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] "(CVE-2024-31141)"
* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption
Security[amq-st-2]"(CVE-2024-13009)"
* Cruise Control: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] "(CVE-2024-6763)"
* Cruise Control: commons-beanutils: Apache Commons BeanUtils:
PropertyUtilsBean does not suppresses an enum's declaredClass property by
default Security [amq-st-2] "(CVE-2025-48734)"
* Cruise Control, Kafka, Drain Cleaner, Console: commons-lang-library:
Uncontrolled recursion flaw in Apache Commons Lang library [amq-st-2] "(CVE-2025-48924)"
* Opetator, Bridge: io.quarkus:quarkus-vertx package: data leak vulnerability has been discovered in the io.quarkus: quarkus-vertx package[amq-st-2] "(CVE-2025-49574)"
* Kafka, Operator, Bridge, Cruise Control, Bridge: Connect2id Nimbus JOSE + JWT: Denial of service flaw [amq-st-2] "(CVE-2025-53864)"
* Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout [amq-st-2] "(CVE-2025-1634)"
* Drain Cleaner: netty: Denial of Service attack on windows app using Netty[amq-st-2] "(CVE-2024-47535)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 3.0.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 3.0.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] \"(CVE-2023-1370)\"\n* Cruise Control, Drain Cleaner: io.netty:netty-handler: SslHandler doesn\u0027t\ncorrectly validate packets which can lead to native crash when using native\nSSLEngine Security[amq-st-2] \"(CVE-2025-24970)\"\n* Cruise Control, Drain Cleaner: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] \"(CVE-2025-25193)\"\nCruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay\nattacks when used without encryption Security [amq-st-2] \"(CVE-2024-56128)\"\n* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] \"(CVE-2024-31141)\"\n* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption\nSecurity[amq-st-2]\"(CVE-2024-13009)\"\n* Cruise Control: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] \"(CVE-2024-6763)\"\n* Cruise Control: commons-beanutils: Apache Commons BeanUtils:\nPropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by\ndefault Security [amq-st-2] \"(CVE-2025-48734)\"\n* Cruise Control, Kafka, Drain Cleaner, Console: commons-lang-library: \nUncontrolled recursion flaw in Apache Commons Lang library [amq-st-2] \"(CVE-2025-48924)\"\n* Opetator, Bridge: io.quarkus:quarkus-vertx package: data leak vulnerability has been discovered in the io.quarkus: quarkus-vertx package[amq-st-2] \"(CVE-2025-49574)\"\n* Kafka, Operator, Bridge, Cruise Control, Bridge: Connect2id Nimbus JOSE + JWT: Denial of service flaw [amq-st-2] \"(CVE-2025-53864)\"\n* Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout [amq-st-2] \"(CVE-2025-1634)\"\n* Drain Cleaner: netty: Denial of Service attack on windows app using Netty[amq-st-2] \"(CVE-2024-47535)\"",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12511",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "2379485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379485"
},
{
"category": "external",
"summary": "2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "ENTMQST-6772",
"url": "https://issues.redhat.com/browse/ENTMQST-6772"
},
{
"category": "external",
"summary": "ENTMQST-6773",
"url": "https://issues.redhat.com/browse/ENTMQST-6773"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12511.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 3.0.0 release and security update",
"tracking": {
"current_release_date": "2025-08-14T19:32:11+00:00",
"generator": {
"date": "2025-08-14T19:32:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:12511",
"initial_release_date": "2025-08-01T17:42:40+00:00",
"revision_history": [
{
"date": "2025-08-01T17:42:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-01T17:42:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T19:32:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 3.0.0",
"product": {
"name": "Streams for Apache Kafka 3.0.0",
"product_id": "Streams for Apache Kafka 3.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2024-10-14T16:00:54.963689+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For this attack to work, you would require the victim to have a vulnerable browser on top of that the URI being used after insufficient validation, all of which makes this a low-severity flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "RHBZ#2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/pull/12012",
"url": "https://github.com/jetty/jetty.project/pull/12012"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
}
],
"release_date": "2024-10-14T15:06:07.298000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2024-31141",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2024-11-19T09:00:35.857468+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2327264"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-269: Improper Privilege Management or CWE-552: Files or Directories Accessible to External Parties vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces strict Role-Based Access Control (RBAC), network segmentation, and pod security policies that significantly limit external access pathways. Access to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Additionally, process isolation ensures that processes running in one container or namespace cannot access files or directories belonging to another, even if file permissions are misconfigured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31141"
},
{
"category": "external",
"summary": "RHBZ#2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv",
"url": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv"
}
],
"release_date": "2024-11-19T08:40:50.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider"
},
{
"cve": "CVE-2024-47535",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-11-12T16:01:18.772613+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2325538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47535"
},
{
"category": "external",
"summary": "RHBZ#2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
}
],
"release_date": "2024-11-12T15:50:08.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2024-12-18T14:00:43.732728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka\u0027s implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka\u0027s SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked with an Important severity because it compromises a fundamental security requirement of the SCRAM protocol as specified in RFC 5802 \u2014the validation of nonces for ensuring message integrity and preventing replay attacks. Without proper nonce validation, an attacker with plaintext access to the SCRAM authentication exchange could manipulate or replay parts of the authentication process, potentially gaining unauthorized access or disrupting the integrity of authentication. While the use of plaintext communication for SCRAM is discouraged, many legacy systems or misconfigured deployments may still rely on it, making them directly susceptible.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56128"
},
{
"category": "external",
"summary": "RHBZ#2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802",
"url": "https://datatracker.ietf.org/doc/html/rfc5802"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802#section-9",
"url": "https://datatracker.ietf.org/doc/html/rfc5802#section-9"
},
{
"category": "external",
"summary": "https://kafka.apache.org/documentation/#security_sasl_scram_security",
"url": "https://kafka.apache.org/documentation/#security_sasl_scram_security"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw",
"url": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw"
}
],
"release_date": "2024-12-18T13:38:03.068000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption"
},
{
"cve": "CVE-2025-1634",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-02-24T14:17:31.237000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as and Important severity rather than Moderate because it allows an unauthenticated attacker to trigger a denial of service condition by repeatedly sending crafted HTTP requests with low timeouts. The issue leads to a memory leak that cannot be recovered without restarting the application, ultimately resulting in an OutOfMemoryError and complete service failure.\n\nIn a production environment, this vulnerability poses a significant risk to availability, especially for applications handling multiple concurrent requests. Since no mitigation exists, all applications using quarkus-resteasy are affected until patched. The ease of exploitation, lack of required privileges, and high impact on service uptime justify the high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1634"
},
{
"category": "external",
"summary": "RHBZ#2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634"
}
],
"release_date": "2025-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-02-10T23:00:54.794769+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects Windows environments, therefore, this would affect an environment when running a supported Red Hat JBoss EAP 7 or 8, for example, if running on Windows.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25193"
},
{
"category": "external",
"summary": "RHBZ#2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386",
"url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx",
"url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
}
],
"release_date": "2025-02-10T22:02:17.197000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-07-11T15:01:08.754489+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379554"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48924"
},
{
"category": "external",
"summary": "RHBZ#2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1",
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
}
],
"release_date": "2025-07-11T14:56:58.049000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang"
},
{
"cve": "CVE-2025-49574",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"discovery_date": "2025-06-23T20:00:57.216622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374376"
}
],
"notes": [
{
"category": "description",
"text": "A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx: Quarkus potential data leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49574"
},
{
"category": "external",
"summary": "RHBZ#2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1",
"url": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/48227",
"url": "https://github.com/quarkusio/quarkus/issues/48227"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4"
}
],
"release_date": "2025-06-23T19:47:05.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.quarkus/quarkus-vertx: Quarkus potential data leak"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-07-11T03:00:49.299379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379485"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53864"
},
{
"category": "external",
"summary": "RHBZ#2379485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"category": "external",
"summary": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
},
{
"category": "external",
"summary": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b",
"url": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b"
},
{
"category": "external",
"summary": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0",
"url": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…