Eclipse · Jetty · CVE-2024-8184
Name of the Vulnerable Software and Affected Versions:
Jetty versions 9.3.12 through 9.4.55
Jetty versions 10.0.0 through 10.0.23
Jetty versions 11.0.0 through 11.0.23
Jetty versions 12.0.0 through 12.0.8
Description:
There exists a security vulnerability in Jetty's `ThreadLimitHandler.getRemote()` which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
Recommendations:
For Jetty versions 9.3.12 through 9.4.55, update to version 9.4.56 or later.
For Jetty versions 10.0.0 through 10.0.23, update to version 10.0.24 or later.
For Jetty versions 11.0.0 through 11.0.23, update to version 11.0.24 or later.
For Jetty versions 12.0.0 through 12.0.8, update to version 12.0.9 or later.
As a temporary workaround, consider not using `ThreadLimitHandler` and instead using `QoSHandler` to artificially limit resource utilization.
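The workaround above, shown as an added example of an embedded server configuration (this is not code from the advisory or from the Jetty project). It assumes the Jetty 12 embedded API (`org.eclipse.jetty.server.handler.QoSHandler`, `Handler.Abstract`), a placeholder application handler, and illustrative limit values; the `QoSHandler` sits where a `ThreadLimitHandler` would otherwise have been wrapped around the application.

```java
// Added example (not Jetty project code): an embedded Jetty 12 server that
// applies the advisory's workaround, i.e. a QoSHandler wrapping the application
// in place of a ThreadLimitHandler.
// Assumptions: Jetty 12 API, a placeholder application handler, and
// illustrative limit values (64 concurrent requests, 30 s maximum suspend).
import java.time.Duration;

import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.QoSHandler;
import org.eclipse.jetty.util.Callback;

public class QoSWorkaround {
    public static void main(String[] args) throws Exception {
        Server server = new Server(8080);

        // Placeholder for the real application handler (assumption).
        Handler app = new Handler.Abstract() {
            @Override
            public boolean handle(Request request, Response response, Callback callback) {
                response.setStatus(200);
                callback.succeeded();
                return true;
            }
        };

        // Bound the number of requests handled concurrently, server-wide.
        // Requests beyond the limit are suspended until a slot frees up or
        // the suspend timeout expires, rather than being tracked per remote
        // address as ThreadLimitHandler does.
        QoSHandler qos = new QoSHandler();
        qos.setMaxRequestCount(64);                // illustrative value
        qos.setMaxSuspend(Duration.ofSeconds(30)); // illustrative value
        qos.setHandler(app);

        // The QoSHandler replaces ThreadLimitHandler in the handler chain.
        server.setHandler(qos);
        server.start();
        server.join();
    }
}
```

Tune `setMaxRequestCount` to the capacity of the application and `setMaxSuspend` to how long a client may reasonably wait; both values here are placeholders, not recommendations from the advisory.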