CVE-2021-28165
Published at:
-
01-04-2021 05:15
Last modified:
-
12-09-2022 07:47
Total changes:
-
27
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
Verification logic
Reference
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1-Mailing List, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165-Issue Tracking, Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Mailing List, Third Party Advisory
- [hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)-Mailing List, Patch, Third Party Advisory
- [hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165-Mailing List, Patch, Third Party Advisory
- [pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty-Mailing List, Patch, Third Party Advisory
- [pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty-Mailing List, Third Party Advisory
- [kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty-Mailing List, Third Party Advisory
- [pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty-Mailing List, Third Party Advisory
- [kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39-Mailing List, Third Party Advisory
- [kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39-Mailing List, Third Party Advisory
- [ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty-Issue Tracking, Mailing List, Third Party Advisory
- [ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39-Mailing List, Third Party Advisory
- [kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39-Mailing List, Third Party Advisory
- [kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39-Mailing List, Third Party Advisory
- [kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39-Mailing List, Third Party Advisory
- [solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr-Issue Tracking, Mailing List, Patch, Third Party Advisory
- [oss-security] 20210420 Vulnerability in Jenkins-Mailing List, Third Party Advisory
- [ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty-Issue Tracking, Mailing List, Third Party Advisory
- [ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty-Issue Tracking, Mailing List, Third Party Advisory
- [ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty-Issue Tracking, Mailing List, Third Party Advisory
- [solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr-Issue Tracking, Mailing List, Patch, Third Party Advisory
- [spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- [spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165-Mailing List, Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210611-0006/
- [solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr-Issue Tracking, Mailing List, Third Party Advisory
- [solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813-Issue Tracking, Mailing List, Third Party Advisory
- [solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813-Issue Tracking, Mailing List, Third Party Advisory
- [kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39-Issue Tracking, Mailing List, Third Party Advisory
- N/A-Patch, Third Party Advisory
- DSA-4949-Third Party Advisory
- [solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr-Issue Tracking, Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Keywords