GHSA-q4rv-gq96-w7c5
First published: Thu May 08 2025(Updated: )
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.eclipse.jetty:jetty-server | >=9.4.0<=9.4.56 | 9.4.57.v20241219 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-q4rv-gq96-w7c5?
The severity of GHSA-q4rv-gq96-w7c5 is considered medium due to potential data corruption risks.
How do I fix GHSA-q4rv-gq96-w7c5?
To fix GHSA-q4rv-gq96-w7c5, upgrade to Eclipse Jetty version 9.4.57.v20241219 or later.
Which versions of Jetty are affected by GHSA-q4rv-gq96-w7c5?
Eclipse Jetty versions 9.4.0 to 9.4.56 are affected by GHSA-q4rv-gq96-w7c5.
What kind of vulnerability is GHSA-q4rv-gq96-w7c5?
GHSA-q4rv-gq96-w7c5 is a buffer release vulnerability related to gzip errors when inflating request bodies.
What issues can GHSA-q4rv-gq96-w7c5 cause?
GHSA-q4rv-gq96-w7c5 can lead to corrupted and inadvertent sharing of data between requests.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-q4rv-gq96-w7c5
- alias/CVE-2024-13009
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/source
- agent/references
- agent/softwarecombine
- agent/type
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- package-manager/maven