[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-17638":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":39,"related":40,"reserved_at":9,"published_at":41,"modified_at":42,"state":43,"summary":44,"references_raw":53,"kevs":200,"epss":201,"epss_history":204,"metrics":452,"affected":464},"CVE-2019-17638","In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). 
If the Jetty version cannot be upgraded, the risk can be significantly reduced by configuring a responseHeaderSize that is significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-672","Operation on a Resource after Expiration or Release","The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.","weakness","Draft","Class",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":23},"CWE-675","Multiple Operations on Resource in Single-Operation Context","The product performs the same operation on a resource two or more times, when the operation should only be applied once.",[],[],[26],"GHSA-x3rh-m7vp-35f2",[],[29,31,33,35,37],{"_key":30},"UBUNTU-CVE-2019-17638",{"_key":32},"DEBIAN-CVE-2019-17638",{"_key":34},"RHSA-2020:3808",{"_key":36},"RHSA-2020:3841",{"_key":38},"RHSA-2020:4223",[],[],"2020-07-09T18:10:12.000Z","2024-08-05T01:47:13.630Z","Modified",{"cisa_kev":45,"cisa_ransomware":45,"cisa_vendor":9,"epss_severity":46,"epss_score":47,"severity":48,"severity_score":49,"severity_version":50,"severity_source":51,"severity_vector":52,"severity_status":43},false,"high",0.30928,"critical",9.4,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",[54,63,69,74,78,82,86,90,94,98,102,106,110,114,119,123,127,131,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196],{"url":55,"sources":56,"tags":59},"https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984",[57,51,58],"cve.org","osv_maven",[60,61,62],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":64,"sources":65,"tags":66},"http://www.openwall.com/lists/oss-security/2020/08/17/1",[57,51,58],[67,68,62],"Mailing List","X Refsource 
MLIST",{"url":70,"sources":71,"tags":72},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/",[57,51],[61,73],"X Refsource FEDORA",{"url":75,"sources":76,"tags":77},"https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":79,"sources":80,"tags":81},"https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":83,"sources":84,"tags":85},"https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":87,"sources":88,"tags":89},"https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":91,"sources":92,"tags":93},"https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":95,"sources":96,"tags":97},"https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":99,"sources":100,"tags":101},"https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":103,"sources":104,"tags":105},"https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":107,"sources":108,"tags":109},"https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":111,"sources":112,"tags":113},"https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd%40%3Ccommits.pulsar
.apache.org%3E",[57,51],[67,68],{"url":115,"sources":116,"tags":117},"https://www.oracle.com/security-alerts/cpuoct2020.html",[57,51,58],[118,62],"X Refsource MISC",{"url":120,"sources":121,"tags":122},"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":124,"sources":125,"tags":126},"https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E",[57,51],[67,68],{"url":128,"sources":129,"tags":130},"https://www.oracle.com/security-alerts/cpuApr2021.html",[57,51,58],[118,62],{"url":132,"sources":133,"tags":134},"https://nvd.nist.gov/vuln/detail/CVE-2019-17638",[58],[135],"Advisory",{"url":137,"sources":138,"tags":139},"https://github.com/eclipse/jetty.project/issues/4936",[58],[62],{"url":141,"sources":142,"tags":143},"https://github.com/eclipse/jetty.project/commit/ff8ae56fa939c3477a0cdd1ff56ce3d902f08fba",[58],[62],{"url":145,"sources":146,"tags":147},"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-575561",[58],[62],{"url":149,"sources":150,"tags":151},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB",[58],[62],{"url":153,"sources":154,"tags":155},"https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":157,"sources":158,"tags":159},"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":161,"sources":162,"tags":163},"https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":165,"sources":166,"tags":167},"https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":169,"sources"
:170,"tags":171},"https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":173,"sources":174,"tags":175},"https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":177,"sources":178,"tags":179},"https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":181,"sources":182,"tags":183},"https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":185,"sources":186,"tags":187},"https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":189,"sources":190,"tags":191},"https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":193,"sources":194,"tags":195},"https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4@%3Ccommits.pulsar.apache.org%3E",[58],[62],{"url":197,"sources":198,"tags":199},"https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a@%3Ccommits.pulsar.apache.org%3E",[58],[62],[],{"date":202,"score":47,"percentile":203},"2026-06-04",0.96831,[205,208,211,214,217,219,222,224,226,229,232,235,237,240,242,246,249,252,255,258,261,264,266,269,272,274,277,280,284,287,290,292,295,297,300,302,305,308,311,314,317,319,322,325,328,330,332,334,337,339,341,343,346,349,353,355,357,360,363,366,369,372,375,378,380,383,386,389,392,395,398,400,403,406,409,412,415,418,421,423,426,429,432,434,436,439,442,444,446,449],{"date":206,"score":47,"percentile":207},"2025-11-04",0.96514,{"date":209,"score":47,"percentile":210},"2025-11-05",0.96512,{"date":212,"score":47,"percentile":213},"2025-11-06",0.96515
,{"date":215,"score":47,"percentile":216},"2025-11-07",0.96518,{"date":218,"score":47,"percentile":216},"2025-11-08",{"date":220,"score":47,"percentile":221},"2025-11-09",0.96516,{"date":223,"score":47,"percentile":221},"2025-11-10",{"date":225,"score":47,"percentile":216},"2025-11-11",{"date":227,"score":47,"percentile":228},"2025-11-12",0.9652,{"date":230,"score":47,"percentile":231},"2025-11-13",0.96522,{"date":233,"score":47,"percentile":234},"2025-11-14",0.96523,{"date":236,"score":47,"percentile":231},"2025-11-15",{"date":238,"score":47,"percentile":239},"2025-11-16",0.96521,{"date":241,"score":47,"percentile":234},"2025-11-17",{"date":243,"score":244,"percentile":245},"2025-11-18",0.32161,0.96594,{"date":247,"score":244,"percentile":248},"2025-11-19",0.96595,{"date":250,"score":244,"percentile":251},"2025-11-20",0.96597,{"date":253,"score":47,"percentile":254},"2025-11-21",0.96532,{"date":256,"score":47,"percentile":257},"2025-11-22",0.96531,{"date":259,"score":47,"percentile":260},"2025-11-23",0.9653,{"date":262,"score":47,"percentile":263},"2025-11-24",0.96536,{"date":265,"score":47,"percentile":263},"2025-11-25",{"date":267,"score":47,"percentile":268},"2025-11-26",0.96537,{"date":270,"score":47,"percentile":271},"2025-11-27",0.96539,{"date":273,"score":47,"percentile":268},"2025-11-28",{"date":275,"score":47,"percentile":276},"2025-11-29",0.96538,{"date":278,"score":47,"percentile":279},"2025-11-30",0.9654,{"date":281,"score":282,"percentile":283},"2025-12-01",0.25777,0.96076,{"date":285,"score":282,"percentile":286},"2025-12-02",0.96075,{"date":288,"score":282,"percentile":289},"2025-12-03",0.96077,{"date":291,"score":47,"percentile":279},"2025-12-04",{"date":293,"score":47,"percentile":294},"2025-12-05",0.96543,{"date":296,"score":47,"percentile":294},"2025-12-06",{"date":298,"score":47,"percentile":299},"2025-12-07",0.96542,{"date":301,"score":47,"percentile":299},"2025-12-08",{"date":303,"score":47,"percentile":304},"2025-12-09",0.96544,{"date":306,"s
core":47,"percentile":307},"2025-12-10",0.96549,{"date":309,"score":47,"percentile":310},"2025-12-11",0.96552,{"date":312,"score":47,"percentile":313},"2025-12-12",0.96554,{"date":315,"score":47,"percentile":316},"2025-12-13",0.96553,{"date":318,"score":47,"percentile":316},"2025-12-14",{"date":320,"score":47,"percentile":321},"2025-12-15",0.96555,{"date":323,"score":47,"percentile":324},"2025-12-16",0.96559,{"date":326,"score":47,"percentile":327},"2025-12-17",0.96561,{"date":329,"score":47,"percentile":327},"2025-12-18",{"date":331,"score":47,"percentile":327},"2025-12-19",{"date":333,"score":47,"percentile":327},"2025-12-20",{"date":335,"score":47,"percentile":336},"2025-12-21",0.9656,{"date":338,"score":47,"percentile":336},"2025-12-22",{"date":340,"score":47,"percentile":324},"2025-12-23",{"date":342,"score":47,"percentile":336},"2025-12-24",{"date":344,"score":47,"percentile":345},"2025-12-25",0.96565,{"date":347,"score":47,"percentile":348},"2025-12-26",0.96564,{"date":350,"score":351,"percentile":352},"2025-12-27",0.26447,0.96174,{"date":354,"score":47,"percentile":348},"2025-12-28",{"date":356,"score":47,"percentile":348},"2025-12-29",{"date":358,"score":47,"percentile":359},"2025-12-30",0.96566,{"date":361,"score":47,"percentile":362},"2025-12-31",0.96571,{"date":364,"score":282,"percentile":365},"2026-01-01",0.9611,{"date":367,"score":282,"percentile":368},"2026-01-02",0.96107,{"date":370,"score":282,"percentile":371},"2026-01-03",0.96104,{"date":373,"score":47,"percentile":374},"2026-01-04",0.96569,{"date":376,"score":47,"percentile":377},"2026-01-05",0.96568,{"date":379,"score":47,"percentile":362},"2026-01-06",{"date":381,"score":47,"percentile":382},"2026-01-07",0.96573,{"date":384,"score":47,"percentile":385},"2026-01-08",0.96576,{"date":387,"score":47,"percentile":388},"2026-01-09",0.96578,{"date":390,"score":47,"percentile":391},"2026-01-10",0.96579,{"date":393,"score":47,"percentile":394},"2026-01-11",0.96581,{"date":396,"score":47,"percentile":39
7},"2026-01-12",0.9658,{"date":399,"score":47,"percentile":397},"2026-01-13",{"date":401,"score":47,"percentile":402},"2026-01-14",0.96584,{"date":404,"score":47,"percentile":405},"2026-01-15",0.96586,{"date":407,"score":47,"percentile":408},"2026-01-16",0.96588,{"date":410,"score":47,"percentile":411},"2026-01-17",0.96589,{"date":413,"score":47,"percentile":414},"2026-01-18",0.96591,{"date":416,"score":47,"percentile":417},"2026-01-19",0.9659,{"date":419,"score":47,"percentile":420},"2026-01-20",0.96592,{"date":422,"score":47,"percentile":420},"2026-01-21",{"date":424,"score":47,"percentile":425},"2026-01-22",0.96593,{"date":427,"score":47,"percentile":428},"2026-01-23",0.96599,{"date":430,"score":47,"percentile":431},"2026-01-24",0.96601,{"date":433,"score":47,"percentile":431},"2026-01-25",{"date":435,"score":47,"percentile":431},"2026-01-26",{"date":437,"score":47,"percentile":438},"2026-01-27",0.966,{"date":440,"score":47,"percentile":441},"2026-01-28",0.96602,{"date":443,"score":47,"percentile":441},"2026-01-29",{"date":445,"score":47,"percentile":441},"2026-01-30",{"date":447,"score":47,"percentile":448},"2026-01-31",0.96604,{"date":450,"score":282,"percentile":451},"2026-02-01",0.96136,[453,462],{"source":51,"cvss_v2_0":454,"cvss_v3_0":9,"cvss_v3_1":459,"cvss_v4_0":9},{"baseScore":455,"baseSeverity":9,"vectorString":456,"impactScore":457,"exploitabilityScore":458},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":49,"baseSeverity":460,"vectorString":52,"impactScore":461,"exploitabilityScore":458},"CRITICAL",9.2,{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":463,"cvss_v4_0":9},{"baseScore":49,"baseSeverity":9,"vectorString":52,"impactScore":461,"exploitabilityScore":458},[465,477,492],{"ecosystem":9,"name":466,"vendor":467,"product":466,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"jetty","eclipse","a",[470,473,475],{"version":471,"is_range":45,"range_type":472,"version_start":9,"version_start_type":9,"vers
ion_end":9,"version_end_type":9,"fixed_in":9},"9.4.27:20200227","cpe",{"version":474,"is_range":45,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.4.28:20200408",{"version":476,"is_range":45,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.4.29:20200521",{"ecosystem":478,"name":479,"vendor":480,"product":481,"cpe_part":9,"purl_type":482,"purl_namespace":480,"purl_name":481,"source":9,"versions":483},"Maven","org.eclipse.jetty:jetty-server","org.eclipse.jetty","jetty-server","maven",[484],{"version":485,"is_range":486,"range_type":487,"version_start":488,"version_start_type":489,"version_end":490,"version_end_type":491,"fixed_in":9},"gte9_4_27_lt9_4_30_v20200611",true,"ecosystem","9.4.27","including","9.4.30.v20200611","excluding",{"ecosystem":9,"name":493,"vendor":494,"product":495,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":496},"Eclipse Jetty","the eclipse foundation","eclipse jetty",[497],{"version":498,"is_range":45,"range_type":57,"version_start":498,"version_start_type":489,"version_end":498,"version_end_type":489,"fixed_in":9},"9.4.27.v20200227 to 9.4.29.v20200521"]