{"id":"CVE-2022-2047","details":"In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.","aliases":["GHSA-cj7v-27pg-wf7q"],"modified":"2026-07-08T06:26:57.204062831Z","published":"2022-07-07T20:45:12Z","related":["CGA-5rw4-v8ph-63v2","openSUSE-SU-2024:12182-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2047.json","cna_assigner":"eclipse","cwe_ids":["CWE-20"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2047.json"},{"type":"ADVISORY","url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2047"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220901-0006/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5198"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jetty/jetty.project","events":[{"introduced":"0"},{"fixed":"bc17a0369a11ecf40bb92c839b9ef0a8ac50ea18"},{"introduced":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"},{"fixed":"a9eaf8d5d73369acf610ce88f850c0d56c4b1113"},{"introduced":"432f896d7a4555fcc81f38108757ea0aca8788e6"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"9.4.46"},{"introduced":"10.0.0"},{"fixed":"10.0.9"},{"introduced":"11.0.0"},{"last_affected":"11.0.9"}],"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"}}],"versions":["10.0.0","11.0.0","9.4.0","jetty-10.0.8","jetty-9.4.42.v20210604","jetty-10.0.2","jetty-9.4.39.v20210325","jetty-9.4.37.v20210219","jetty-9.4.36.v20210114","jetty-9.4.32.v20200930","jetty-10.0.0.beta1","jetty-9.4.28.v20200408","jetty-9.4.27.v20200227","jetty-9.4.26.v20200117","jetty-9.4.15.v20190215","jetty-9.4.14.v20181114","jetty-9.4.13.v20181111","jetty-9.4.12.v20180830","jetty-9.4.6.v20170531","jetty-9.4.2.v20170220","jetty-9.4.10.v20180503","jetty-9.2.1.v20140609","jetty-9.2.0.v20140526","jetty-9.2.0.v20140523","jetty-9.2.0.RC0","jetty-9.2.0.M1","jetty-9.1.4.v20140401","jetty-9.2.0.M0","jetty-9.1.3.v20140225","jetty-9.1.2.v20140210","jetty-9.1.1.v20140108","jetty-9.1.0.v20131115","jetty-9.1.0.RC2","jetty-9.1.0.RC1","jetty-9.1.0.RC0","jetty-9.1.0.M0","jetty-8.1.0.RC0","jetty-8.0.0.RC0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}]}