CVE-2021-34429

Summary

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Jetty9.4.37 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 9.4.42affected
The Eclipse FoundationEclipse Jetty10.0.1 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 10.0.5affected
The Eclipse FoundationEclipse Jetty11.0.1 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 11.0.5affected

Weaknesses

  • CWE-200: CWE-200
  • CWE-551: CWE-551

ADP Enrichment

CVE Program Container

Additional References

References