VDB
CVE-2021-34429
CVE-2021-34429
PUBLISHED
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
EPSS 93.78% · 99.9th percentile
Risk Scores
EPSS Score
93.78%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | jetty9 | 9.4.45-1, 9.4.44-3, 9.4.44-4 |
| Ubuntu:16.04:LTS | jetty9 | 9.2.14-1, 0 |
Timeline
- CVE Published
- Jul 16, 2021 EPSS Score
- Jul 27, 2021 PoC Published
- Jul 29, 2021 EPSS Score
- Aug 18, 2021 EPSS Score
- Sep 2, 2021 EPSS Score
- Sep 22, 2021 EPSS Score
- Oct 6, 2021 PoC Published
- Oct 9, 2021 EPSS Score
- Nov 3, 2021 PoC Published
- Nov 4, 2021 EPSS Score
- Nov 13, 2021 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-34429 third-party-advisory
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-34429 third-party-advisory