{"id":"CVE-2019-17632","details":"In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.","aliases":["GHSA-5h9j-q6j2-253f"],"modified":"2026-04-10T04:16:31.933436Z","published":"2019-11-25T22:15:11.437Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAITZ27GKPD2CCNHGT2VBT4VWIBUJJNS/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"REPORT","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/jetty.project","events":[{"introduced":"0"},{"last_affected":"72970db61a2904371e1218a95a3bef5d79788c33"},{"introduced":"0"},{"last_affected":"b1e6b55512e008f7fbdf1cbea4ff8a6446d1073b"},{"introduced":"0"},{"last_affected":"abbccc65d6cf5e8806dd35881147d618b9b5740b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.4.21-20190926"},{"introduced":"0"},{"last_affected":"9.4.22-20191022"},{"introduced":"0"},{"last_affected":"9.4.23-20191118"}]}}],"versions":["jetty-8.0.0.RC0","jetty-8.1.0.RC0","jetty-9.1.0.M0","jetty-9.1.0.RC0","jetty-9.1.0.RC1","jetty-9.1.0.RC2","jetty-9.1.0.v20131115","jetty-9.1.1.v20140108","jetty-9.1.2.v20140210","jetty-9.1.3.v20140225","jetty-9.1.4.v20140401","jetty-9.2.0.M0","jetty-9.2.0.M1","jetty-9.2.0.RC0","jetty-9.2.0.v20140523","jetty-9.2.0.v20140526","jetty-9.2.1.v20140609","jetty-9.4.10.v20180503","jetty-9.4.12.v20180830","jetty-9.4.13.v20181111","jetty-9.4.14.v20181114","jetty-9.4.15.v20190215","jetty-9.4.2.v20170220","jetty-9.4.21.v20190926","jetty-9.4.22.v20191022","jetty-9.4.23.v20191118","jetty-9.4.6.v20170531"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17632.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}