Eclipse Jetty is vulnerable to denial of service attacks. A remote, unauthenticated attacker could exploit the flawed SETTING Frame Handler
component due to the additional CPU and memory allocations required to handle setting changes causing denial of service conditions.
bugs.eclipse.org/bugs/show_bug.cgi?id=538096
lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E
lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E
lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E
lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
lists.fedoraproject.org/archives/list/[email protected]/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html