View Issue Details

IDProjectCategoryView StatusLast Update
0006645SymmetricDSImprovementpublic2024-11-13 20:31
Reporterpbelov Assigned Toelong  
Prioritynormal 
Status closedResolutionfixed 
Product Version3.15.0 
Target Version3.15.10Fixed in Version3.15.10 
Summary0006645: Update jetty server dependency to 11.0.24
DescriptionUpdate jetty server dependency to 11.0.24
This fixes [CVE-2024-8184] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
Additional Informationhttps://github.com/jetty/jetty.project/releases/tag/jetty-11.0.24
Tagssecurity

Activities

There are no notes attached to this issue.

Related Changesets

SymmetricDS: 3.15 6fbfba50

2024-11-11 21:08:03

admin

Details Diff
0006645: Update jetty server dependency to 11.0.24 Affected Issues
0006645
mod - symmetric-assemble/common.gradle Diff File

Issue History

Date Modified Username Field Change
2024-11-11 21:01 pbelov New Issue
2024-11-11 21:01 pbelov Status new => assigned
2024-11-11 21:01 pbelov Assigned To => elong
2024-11-11 21:01 pbelov Tag Attached: security
2024-11-11 21:01 pbelov Project SymmetricDS Pro => SymmetricDS
2024-11-11 22:00 admin Changeset attached => SymmetricDS 3.15 6fbfba50
2024-11-13 18:33 cquamme Status assigned => resolved
2024-11-13 18:33 cquamme Resolution open => fixed
2024-11-13 18:33 cquamme Fixed in Version => 3.15.10
2024-11-13 18:33 cquamme Target Version => 3.15.10
2024-11-13 20:31 pbelov Status resolved => closed