How severe is CVE-2022-2191?

CVE-2022-2191 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-2191

Name: jetty
Author: eclipse

7.5HIGH

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Publicado: 7/7/2022Atualizado: 11/21/2024

Descrição

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Análise IADesenvolvido por IA

Produtos Afetados

eclipsejetty

Referências

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
ExploitVendor Advisory
https://security.netapp.com/advisory/ntap-20220909-0003/
Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
ExploitVendor Advisory
https://security.netapp.com/advisory/ntap-20220909-0003/
Third Party Advisory