CVE-2019-17632

Name of the Vulnerable Software and Affected Versions Eclipse Jetty versions 9.4.21.v20190926 through 9.4.23.v20191118

Description The issue concerns the generation of default unhandled Error response content in Eclipse Jetty, where Exception messages in stacktraces included in error output are not properly escaped. This affects the text/html and text/json Content-Type.

Recommendations For Eclipse Jetty versions 9.4.21.v20190926 through 9.4.23.v20191118, consider updating to a version where this issue is fixed, as the current versions do not properly escape Exception messages in error responses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.