How severe is CVE-2022-2191?

CVE-2022-2191 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-2191

Name: jetty
Author: eclipse

7.5HIGH

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Publicado: 7/7/2022Actualizado: 11/21/2024

Descripción

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Análisis IAImpulsado por IA

Productos Afectados

eclipsejetty

Referencias

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
ExploitVendor Advisory
https://security.netapp.com/advisory/ntap-20220909-0003/
Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
ExploitVendor Advisory
https://security.netapp.com/advisory/ntap-20220909-0003/
Third Party Advisory