CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0CVE-2020-27218 – jetty: buffer not correctly recycled in Gzip Request inflation
https://notcve.org/view.php?id=CVE-2020-27218
28 Nov 2020 — In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the bo... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 7.0EPSS: 0%CPEs: 33EXPL: 2CVE-2020-27216 – jetty: local temporary directory hijacking vulnerability
https://notcve.org/view.php?id=CVE-2020-27216
23 Oct 2020 — In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 • CWE-377: Insecure Temporary File CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •