[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-40167":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":30,"aliases":31,"duplicate_of":9,"upstream":33,"downstream":34,"duplicates":51,"related":52,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":72,"kevs":108,"epss":109,"epss_history":112,"metrics":369,"affected":379},"CVE-2023-40167","Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field.  This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses.  There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. 
There is no workaround as there is no known exploit scenario.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-130","Improper Handling of Length Parameter Inconsistency","The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"_key":24,"id":24,"name":25,"description":26,"type":27,"status":28,"abstraction":9,"likelihood_of_exploit":9,"capec":29},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[32],"GHSA-hmr7-m48g-48f6",[],[35,37,39,41,43,45,47,49],{"_key":36},"UBUNTU-CVE-2023-40167",{"_key":38},"SUSE-SU-2023:4210-1",{"_key":40},"DLA-3592-1",{"_key":42},"DSA-5507-1",{"_key":44},"DEBIAN-CVE-2023-40167",{"_key":46},"RHSA-2024:0778",{"_key":48},"RHSA-2024:0797",{"_key":50},"RHSA-2024:2010",[],[53,54,56,58],{"_key":38},{"_key":55},"CGA-J3H8-74JW-2W8W",{"_key":57},"CGA-VQPM-QWJ8-MFQ5",{"_key":59},"CGA-J3F3-WWGF-QVCF","2023-09-15T19:37:37.530Z","2025-02-13T17:03:25.096Z","Modified",{"cisa_kev":64,"cisa_ransomware":64,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":62},false,"low",0.04575,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[73,82,88,93,98,103],{"url":74,"sources":75,"tags":78},"https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",[70,76,77],"nvd","osv_maven",[79,80,81],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":83,"sources":84,"tags":85},"https://www.rfc-editor.org/rfc/rfc9110#section-8.6",[70,76,77],[86,87,81],"X 
Refsource MISC","Technical Description",{"url":89,"sources":90,"tags":91},"https://www.debian.org/security/2023/dsa-5507",[70,76,77],[92,81],"Third Party Advisory",{"url":94,"sources":95,"tags":96},"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html",[70,76,77],[97,92,81],"Mailing List",{"url":99,"sources":100,"tags":101},"https://nvd.nist.gov/vuln/detail/CVE-2023-40167",[77],[102],"Advisory",{"url":104,"sources":105,"tags":106},"https://github.com/eclipse/jetty.project",[77],[107],"PACKAGE",[],{"date":110,"score":66,"percentile":111},"2026-06-04",0.89399,[113,117,120,123,126,129,132,135,138,141,144,147,149,152,154,158,161,164,167,170,172,175,178,181,183,185,188,190,194,197,199,202,205,207,210,212,215,218,221,224,227,230,233,236,239,242,244,247,250,252,255,258,261,264,268,271,274,277,280,283,286,289,292,294,296,299,302,305,308,311,314,317,320,322,325,327,329,331,334,337,340,343,346,349,352,355,358,361,363,366],{"date":114,"score":115,"percentile":116},"2025-11-04",0.05222,0.89458,{"date":118,"score":115,"percentile":119},"2025-11-05",0.89456,{"date":121,"score":115,"percentile":122},"2025-11-06",0.89455,{"date":124,"score":115,"percentile":125},"2025-11-07",0.89462,{"date":127,"score":115,"percentile":128},"2025-11-08",0.89465,{"date":130,"score":115,"percentile":131},"2025-11-09",0.89463,{"date":133,"score":115,"percentile":134},"2025-11-10",0.89461,{"date":136,"score":115,"percentile":137},"2025-11-11",0.89464,{"date":139,"score":115,"percentile":140},"2025-11-12",0.89471,{"date":142,"score":115,"percentile":143},"2025-11-13",0.89474,{"date":145,"score":115,"percentile":146},"2025-11-14",0.89478,{"date":148,"score":115,"percentile":143},"2025-11-15",{"date":150,"score":115,"percentile":151},"2025-11-16",0.89476,{"date":153,"score":115,"percentile":143},"2025-11-17",{"date":155,"score":156,"percentile":157},"2025-11-18",0.03624,0.86622,{"date":159,"score":156,"percentile":160},"2025-11-19",0.86623,{"date":162,"score":156,"percentile":163},"2025-11-2
0",0.86624,{"date":165,"score":115,"percentile":166},"2025-11-21",0.89487,{"date":168,"score":115,"percentile":169},"2025-11-22",0.89489,{"date":171,"score":115,"percentile":166},"2025-11-23",{"date":173,"score":115,"percentile":174},"2025-11-24",0.89491,{"date":176,"score":115,"percentile":177},"2025-11-25",0.89494,{"date":179,"score":115,"percentile":180},"2025-11-26",0.89495,{"date":182,"score":115,"percentile":180},"2025-11-27",{"date":184,"score":115,"percentile":166},"2025-11-28",{"date":186,"score":115,"percentile":187},"2025-11-29",0.89548,{"date":189,"score":115,"percentile":187},"2025-11-30",{"date":191,"score":192,"percentile":193},"2025-12-01",0.05532,0.8995,{"date":195,"score":192,"percentile":196},"2025-12-02",0.89954,{"date":198,"score":192,"percentile":196},"2025-12-03",{"date":200,"score":115,"percentile":201},"2025-12-04",0.8955,{"date":203,"score":115,"percentile":204},"2025-12-05",0.89551,{"date":206,"score":115,"percentile":204},"2025-12-06",{"date":208,"score":115,"percentile":209},"2025-12-07",0.89547,{"date":211,"score":115,"percentile":187},"2025-12-08",{"date":213,"score":115,"percentile":214},"2025-12-09",0.89553,{"date":216,"score":115,"percentile":217},"2025-12-10",0.89572,{"date":219,"score":115,"percentile":220},"2025-12-11",0.89575,{"date":222,"score":115,"percentile":223},"2025-12-12",0.89581,{"date":225,"score":115,"percentile":226},"2025-12-13",0.89584,{"date":228,"score":115,"percentile":229},"2025-12-14",0.89586,{"date":231,"score":115,"percentile":232},"2025-12-15",0.89587,{"date":234,"score":115,"percentile":235},"2025-12-16",0.89579,{"date":237,"score":115,"percentile":238},"2025-12-17",0.89583,{"date":240,"score":115,"percentile":241},"2025-12-18",0.8959,{"date":243,"score":115,"percentile":241},"2025-12-19",{"date":245,"score":115,"percentile":246},"2025-12-20",0.89588,{"date":248,"score":115,"percentile":249},"2025-12-21",0.89594,{"date":251,"score":115,"percentile":249},"2025-12-22",{"date":253,"score":115,"percentile":254
},"2025-12-23",0.89596,{"date":256,"score":115,"percentile":257},"2025-12-24",0.89603,{"date":259,"score":115,"percentile":260},"2025-12-25",0.89615,{"date":262,"score":115,"percentile":263},"2025-12-26",0.89613,{"date":265,"score":266,"percentile":267},"2025-12-27",0.03406,0.87114,{"date":269,"score":115,"percentile":270},"2025-12-28",0.89608,{"date":272,"score":115,"percentile":273},"2025-12-29",0.89605,{"date":275,"score":115,"percentile":276},"2025-12-30",0.89611,{"date":278,"score":115,"percentile":279},"2025-12-31",0.89619,{"date":281,"score":192,"percentile":282},"2026-01-01",0.90032,{"date":284,"score":192,"percentile":285},"2026-01-02",0.90026,{"date":287,"score":192,"percentile":288},"2026-01-03",0.90025,{"date":290,"score":115,"percentile":291},"2026-01-04",0.89618,{"date":293,"score":115,"percentile":260},"2026-01-05",{"date":295,"score":115,"percentile":279},"2026-01-06",{"date":297,"score":115,"percentile":298},"2026-01-07",0.89623,{"date":300,"score":115,"percentile":301},"2026-01-08",0.89627,{"date":303,"score":115,"percentile":304},"2026-01-09",0.89629,{"date":306,"score":115,"percentile":307},"2026-01-10",0.8963,{"date":309,"score":115,"percentile":310},"2026-01-11",0.89621,{"date":312,"score":115,"percentile":313},"2026-01-12",0.8962,{"date":315,"score":115,"percentile":316},"2026-01-13",0.89617,{"date":318,"score":115,"percentile":319},"2026-01-14",0.89633,{"date":321,"score":115,"percentile":319},"2026-01-15",{"date":323,"score":115,"percentile":324},"2026-01-16",0.89637,{"date":326,"score":115,"percentile":324},"2026-01-17",{"date":328,"score":115,"percentile":319},"2026-01-18",{"date":330,"score":115,"percentile":319},"2026-01-19",{"date":332,"score":115,"percentile":333},"2026-01-20",0.89634,{"date":335,"score":115,"percentile":336},"2026-01-21",0.89638,{"date":338,"score":115,"percentile":339},"2026-01-22",0.89641,{"date":341,"score":115,"percentile":342},"2026-01-23",0.8965,{"date":344,"score":115,"percentile":345},"2026-01-24",0.89658,{"da
te":347,"score":115,"percentile":348},"2026-01-25",0.89661,{"date":350,"score":115,"percentile":351},"2026-01-26",0.8966,{"date":353,"score":115,"percentile":354},"2026-01-27",0.89663,{"date":356,"score":115,"percentile":357},"2026-01-28",0.89669,{"date":359,"score":115,"percentile":360},"2026-01-29",0.8967,{"date":362,"score":115,"percentile":357},"2026-01-30",{"date":364,"score":115,"percentile":365},"2026-01-31",0.89668,{"date":367,"score":192,"percentile":368},"2026-02-01",0.90074,[370,375,377],{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":371,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":372,"vectorString":71,"impactScore":373,"exploitabilityScore":374},"MEDIUM",2.3,10,{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":376,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":372,"vectorString":71,"impactScore":373,"exploitabilityScore":374},{"source":77,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":378,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":9,"vectorString":71,"impactScore":373,"exploitabilityScore":374},[380,393,425,439],{"ecosystem":9,"name":381,"vendor":382,"product":383,"cpe_part":384,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":385},"debian 
linux","debian","debian_linux","o",[386,389,391],{"version":387,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":390,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"version":392,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0",{"ecosystem":9,"name":394,"vendor":395,"product":394,"cpe_part":396,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":397},"jetty","eclipse","a",[398,405,409,413,415,417,419,421,423],{"version":399,"is_range":400,"range_type":388,"version_start":401,"version_start_type":402,"version_end":403,"version_end_type":404,"fixed_in":9},"gte9.0.0_lt9.4.52",true,"9.0.0","including","9.4.52","excluding",{"version":406,"is_range":400,"range_type":388,"version_start":407,"version_start_type":402,"version_end":408,"version_end_type":404,"fixed_in":9},"gte10.0.0_lt10.0.16","10.0.0","10.0.16",{"version":410,"is_range":400,"range_type":388,"version_start":411,"version_start_type":402,"version_end":412,"version_end_type":404,"fixed_in":9},"gte11.0.0_lt11.0.16","11.0.0","11.0.16",{"version":414,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0",{"version":416,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0:beta0",{"version":418,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0:beta1",{"version":420,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0:beta2",{"version":422,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_e
nd_type":9,"fixed_in":9},"12.0.0:beta3",{"version":424,"is_range":64,"range_type":388,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0:beta4",{"ecosystem":9,"name":426,"vendor":395,"product":426,"cpe_part":396,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"jetty.project",[428,431,434,437],{"version":429,"is_range":400,"range_type":70,"version_start":401,"version_start_type":402,"version_end":430,"version_end_type":402,"fixed_in":9},">= 9.0.0, \u003C= 9.4.51","9.4.51",{"version":432,"is_range":400,"range_type":70,"version_start":407,"version_start_type":402,"version_end":433,"version_end_type":402,"fixed_in":9},">= 10.0.0, \u003C= 10.0.15","10.0.15",{"version":435,"is_range":400,"range_type":70,"version_start":411,"version_start_type":402,"version_end":436,"version_end_type":402,"fixed_in":9},">= 11.0.0, \u003C= 11.0.15","11.0.15",{"version":438,"is_range":64,"range_type":70,"version_start":438,"version_start_type":402,"version_end":438,"version_end_type":402,"fixed_in":9},"= 
12.0.0",{"ecosystem":440,"name":441,"vendor":442,"product":443,"cpe_part":9,"purl_type":444,"purl_namespace":442,"purl_name":443,"source":9,"versions":445},"Maven","org.eclipse.jetty:jetty-http","org.eclipse.jetty","jetty-http","maven",[446,449,451,453],{"version":447,"is_range":400,"range_type":448,"version_start":401,"version_start_type":402,"version_end":403,"version_end_type":404,"fixed_in":9},"gte9_0_0_lt9_4_52","ecosystem",{"version":450,"is_range":400,"range_type":448,"version_start":407,"version_start_type":402,"version_end":408,"version_end_type":404,"fixed_in":9},"gte10_0_0_lt10_0_16",{"version":452,"is_range":400,"range_type":448,"version_start":411,"version_start_type":402,"version_end":412,"version_end_type":404,"fixed_in":9},"gte11_0_0_lt11_0_16",{"version":454,"is_range":400,"range_type":448,"version_start":414,"version_start_type":402,"version_end":455,"version_end_type":404,"fixed_in":9},"gte12_0_0_lt12_0_1","12.0.1"]