CVE-2019-11358
- EPSS 2.4%
- Published 20.04.2019 00:29:00
- Last modified 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2017-7658
- EPSS 11.35%
- Published 26.06.2018 17:29:00
- Last modified 21.11.2024 03:32:23
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a...
CVE-2017-7657
- EPSS 7.64%
- Published 26.06.2018 16:29:00
- Last modified 21.11.2024 03:32:23
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow...
CVE-2017-9735
- EPSS 0.71%
- Published 16.06.2017 21:29:00
- Last modified 20.04.2025 01:37:25
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.