org.eclipse.jetty.http2:jetty-http2-common (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.eclipse.jetty.http2:jetty-http2-common, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2024-22201 — CVSS 7.5 (high): Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it…
CVE-2025-1948 — CVSS 7.5 (high): In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter…
CVE-2025-5115 — CVSS 7.5 (high): In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send…