Gleb Sizov

#25326 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2026-23445
9.8
2026-03-05
Eclipse · Eclipse Jetty · CVE-2026-1605
**Name of the Vulnerable Software and Affected Versions**

Eclipse Jetty versions 12.0.0 through 12.0.31

Eclipse Jetty versions 12.1.0 through 12.1.5

**Description**

Eclipse Jetty’s `GzipHandler` class leaks memory when it processes a compressed HTTP request (`Content-Encoding: gzip`) without a corresponding compressed response. The JDK `Inflater` is allocated for decompression but is not released, because the release mechanism is linked to the compressed response. Since no compressed response is sent, the release mechanism does not activate, resulting in a memory leak.

**Recommendations**

Update Eclipse Jetty to a version later than 12.0.31.

Update Eclipse Jetty to a version later than 12.1.5.