{"containers":{"cna":{"affected":[{"product":"Eclipse Jetty","vendor":"The Eclipse Foundation","versions":[{"lessThan":"unspecified","status":"affected","version":"9.4.37","versionType":"custom"},{"lessThanOrEqual":"9.4.42","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"affected","version":"10.0.1","versionType":"custom"},{"lessThanOrEqual":"10.0.5","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"affected","version":"11.0.1","versionType":"custom"},{"lessThanOrEqual":"11.0.5","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-551","description":"CWE-551","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-07-25T16:29:06.000Z","orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"},{"name":"[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"},{"name":"[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"},{"name":"[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"},{"name":"[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"},{"name":"[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"},{"name":"[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20210819-0006/"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@eclipse.org","ID":"CVE-2021-34429","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Eclipse Jetty","version":{"version_data":[{"version_affected":">=","version_value":"9.4.37"},{"version_affected":"<=","version_value":"9.4.42"},{"version_affected":">=","version_value":"10.0.1"},{"version_affected":"<=","version_value":"10.0.5"},{"version_affected":">=","version_value":"11.0.1"},{"version_affected":"<=","version_value":"11.0.5"}]}}]},"vendor_name":"The Eclipse Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."}]},"impact":{"cvss":{"baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200"}]},{"description":[{"lang":"eng","value":"CWE-551"}]}]},"references":{"reference_data":[{"name":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm","refsource":"CONFIRM","url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"},{"name":"[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"},{"name":"[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E"},{"name":"[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E"},{"name":"[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"},{"name":"[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E"},{"name":"[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E"},{"name":"[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429","refsource":"MLIST","url":"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E"},{"name":"[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"https://security.netapp.com/advisory/ntap-20210819-0006/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20210819-0006/"},{"name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"name":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T00:12:50.169Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"},{"name":"[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"},{"name":"[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"},{"name":"[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"},{"name":"[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"},{"name":"[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"},{"name":"[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"},{"name":"[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"},{"name":"[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"},{"name":"[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"},{"name":"[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"},{"name":"[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20210819-0006/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"}]}]},"cveMetadata":{"assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","assignerShortName":"eclipse","cveId":"CVE-2021-34429","datePublished":"2021-07-15T17:00:10.000Z","dateReserved":"2021-06-09T00:00:00.000Z","dateUpdated":"2024-08-04T00:12:50.169Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}