QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-27218

Back to search

CVE-2020-27218

Published: Nov 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

VendorProductVersions

The Eclipse Foundation

Eclipse Jetty

affected
9.4.0.RC0 to 9.4.34.v20201102
affected
10.0.0.alpha0 to 10.0.0.beta2
affected
11.0.0.alpha0 to 11.0.0.beta2

Weaknesses (CWE)

CWE-226

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now