In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to show a listing of directory contents.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "9.4.18-2build2", "binary_name": "jetty9" }, { "binary_version": "9.4.18-2build2", "binary_name": "libjetty9-extra-java" }, { "binary_version": "9.4.18-2build2", "binary_name": "libjetty9-java" } ] }