The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.eclipse.jetty:jetty-server(Maven) | 9.3.0 | 9.3.9 | N/A |
CVSS Metrics
