CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS: 0.001 Low
Percentile: 23.1%

Jetty-servlets is vulnerable to Arbitrary Code Execution. The vulnerability is due to insecure escaping of user input, which can result in the execution of arbitrary commands. This vulnerability occurs in the CGI servlet handler through the getRuntime.exec() method.

References:
github.com/eclipse/jetty.project/pull/9516
github.com/eclipse/jetty.project/pull/9516/commits/0857b1127d90e16e399da92e1ce830e4a8f13f54
github.com/eclipse/jetty.project/pull/9888
github.com/eclipse/jetty.project/pull/9889
github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
lists.debian.org/debian-lts-announce/2023/09/msg00039.html
www.debian.org/security/2023/dsa-5507