GHSA-966r-962g-2jq5

Suggest an improvement
Source
https://github.com/advisories/GHSA-966r-962g-2jq5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-966r-962g-2jq5/GHSA-966r-962g-2jq5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-966r-962g-2jq5
Aliases
  • CVE-2007-5615
Published
2022-05-01T18:35:01Z
Modified
2024-12-03T05:53:32.532411Z
Summary
Mortbay Jetty CRLF Injection Vulnerability
Details

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Database specific
{
    "nvd_published_at": "2007-12-05T11:46:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-21T23:12:42Z"
}
References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name
org.mortbay.jetty:jetty
View open source insights on deps.dev
Purl
pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.6rc0

Affected versions

test-6.*

test-6.0.0rc3
test-6.0.0rc4
test-6.0.0
test-6.0.1

4.*

4.1-rc1
4.1-rc6
4.2.2
4.2.3
4.2.9
4.2.10
4.2.12

6.*

6.0.0Beta1
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0beta4
6.0.0beta5
6.0.0beta6
6.0.0beta7
6.0.0beta8
6.0.0beta9
6.0.0beta10
6.0.0beta11
6.0.0beta12
6.0.0beta14
6.0.0beta15
6.0.0beta16
6.0.0beta17
6.0.0rc0
6.0.0rc1
6.0.0rc2
6.0.0rc3
6.0.0rc4
6.0.0
6.0.1
6.0.2
6.1.0rc0
6.1.0rc1
6.1.0rc2
6.1.0rc3
6.1.0
6.1H.4-beta
6.1H.4rc1
6.1H.5-beta
6.1H.6
6.1H.7
6.1H.8
6.1H.10
6.1H.14
6.1H.14.1
6.1H.22
6.1.0pre0
6.1.0pre1
6.1.0pre2
6.1.0pre3
6.1.1rc0
6.1.1rc1
6.1.1
6.1.2rc0
6.1.2rc1
6.1.2rc2
6.1.2rc4
6.1.2rc5
6.1.2
6.1.2pre0
6.1.2pre1
6.1.3
6.1.4rc0
6.1.4rc1
6.1.4
6.1.5rc0
6.1.5