In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.eclipse.jetty:jetty-server(Maven) | 7.2.2 | 9.4.39 | N/A |
| org.eclipse.jetty:jetty-server(Maven) | 10.0.0 | 10.0.2 | N/A |
| org.eclipse.jetty:jetty-server(Maven) | 11.0.0 | 11.0.2 | N/A |
CVSS Metrics
