{"id":"CVE-2022-2047","details":"In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.","aliases":["GHSA-cj7v-27pg-wf7q"],"modified":"2026-04-10T04:43:10.091155Z","published":"2022-07-07T21:15:10.093Z","related":["CGA-5rw4-v8ph-63v2","GHSA-cj7v-27pg-wf7q","openSUSE-SU-2024:12182-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220901-0006/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5198"},{"type":"FIX","url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/jetty.project","events":[{"introduced":"0"},{"fixed":"bc17a0369a11ecf40bb92c839b9ef0a8ac50ea18"},{"introduced":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"},{"fixed":"a9eaf8d5d73369acf610ce88f850c0d56c4b1113"},{"introduced":"432f896d7a4555fcc81f38108757ea0aca8788e6"},{"last_affected":"243a48a658a183130a8c8de353178d154ca04f04"},{"introduced":"0"},{"last_affected":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"},{"introduced":"0"},{"last_affected":"432f896d7a4555fcc81f38108757ea0aca8788e6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.4.46"},{"introduced":"10.0.0"},{"fixed":"10.0.9"},{"introduced":"11.0.0"},{"last_affected":"11.0.9"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"11.0"}]}}],"versions":["jetty-10.0.0","jetty-10.0.0.beta1","jetty-10.0.2","jetty-10.0.8","jetty-11.0.0","jetty-11.0.0-alpha0","jetty-11.0.0.beta1","jetty-11.0.0.beta2","jetty-11.0.2","jetty-11.0.8","jetty-11.0.9","jetty-8.0.0.RC0","jetty-8.1.0.RC0","jetty-9.1.0.M0","jetty-9.1.0.RC0","jetty-9.1.0.RC1","jetty-9.1.0.RC2","jetty-9.1.0.v20131115","jetty-9.1.1.v20140108","jetty-9.1.2.v20140210","jetty-9.1.3.v20140225","jetty-9.1.4.v20140401","jetty-9.2.0.M0","jetty-9.2.0.M1","jetty-9.2.0.RC0","jetty-9.2.0.v20140523","jetty-9.2.0.v20140526","jetty-9.2.1.v20140609","jetty-9.4.10.v20180503","jetty-9.4.12.v20180830","jetty-9.4.13.v20181111","jetty-9.4.14.v20181114","jetty-9.4.15.v20190215","jetty-9.4.2.v20170220","jetty-9.4.26.v20200117","jetty-9.4.27.v20200227","jetty-9.4.28.v20200408","jetty-9.4.32.v20200930","jetty-9.4.36.v20210114","jetty-9.4.37.v20210219","jetty-9.4.39.v20210325","jetty-9.4.42.v20210604","jetty-9.4.6.v20170531"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}]}