gsd-2021-28165
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Aliases
Aliases



{
   GSD: {
      alias: "CVE-2021-28165",
      description: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
      id: "GSD-2021-28165",
      references: [
         "https://www.suse.com/security/cve/CVE-2021-28165.html",
         "https://www.debian.org/security/2021/dsa-4949",
         "https://access.redhat.com/errata/RHSA-2021:4767",
         "https://access.redhat.com/errata/RHSA-2021:3700",
         "https://access.redhat.com/errata/RHSA-2021:3225",
         "https://access.redhat.com/errata/RHSA-2021:3140",
         "https://access.redhat.com/errata/RHSA-2021:2689",
         "https://access.redhat.com/errata/RHSA-2021:1560",
         "https://access.redhat.com/errata/RHSA-2021:1551",
         "https://access.redhat.com/errata/RHSA-2021:1509",
         "https://security.archlinux.org/CVE-2021-28165",
         "https://access.redhat.com/errata/RHSA-2022:6407",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2021-28165",
         ],
         details: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
         id: "GSD-2021-28165",
         modified: "2023-12-13T01:23:29.152537Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "security@eclipse.org",
            ID: "CVE-2021-28165",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Eclipse Jetty",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: ">=",
                                       version_value: "7.2.2",
                                    },
                                    {
                                       version_affected: "<=",
                                       version_value: "9.4.38",
                                    },
                                    {
                                       version_affected: ">=",
                                       version_value: "10.0.0.alpha0",
                                    },
                                    {
                                       version_affected: "<=",
                                       version_value: "10.0.1",
                                    },
                                    {
                                       version_affected: ">=",
                                       version_value: "11.0.0.alpha0",
                                    },
                                    {
                                       version_affected: "<=",
                                       version_value: "11.0.1",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "The Eclipse Foundation",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
               },
            ],
         },
         impact: {
            cvss: {
               baseScore: 7.5,
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "CWE-400",
                     },
                  ],
               },
               {
                  description: [
                     {
                        lang: "eng",
                        value: "CWE-551",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
                  refsource: "CONFIRM",
                  url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
               },
               {
                  name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E",
               },
               {
                  name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E",
               },
               {
                  name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E",
               },
               {
                  name: "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E",
               },
               {
                  name: "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E",
               },
               {
                  name: "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E",
               },
               {
                  name: "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E",
               },
               {
                  name: "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E",
               },
               {
                  name: "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E",
               },
               {
                  name: "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E",
               },
               {
                  name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E",
               },
               {
                  name: "[oss-security] 20210420 Vulnerability in Jenkins",
                  refsource: "MLIST",
                  url: "http://www.openwall.com/lists/oss-security/2021/04/20/3",
               },
               {
                  name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E",
               },
               {
                  name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E",
               },
               {
                  name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E",
               },
               {
                  name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E",
               },
               {
                  name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E",
               },
               {
                  name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E",
               },
               {
                  name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E",
               },
               {
                  name: "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E",
               },
               {
                  name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  refsource: "MISC",
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
               {
                  name: "https://security.netapp.com/advisory/ntap-20210611-0006/",
                  refsource: "CONFIRM",
                  url: "https://security.netapp.com/advisory/ntap-20210611-0006/",
               },
               {
                  name: "DSA-4949",
                  refsource: "DEBIAN",
                  url: "https://www.debian.org/security/2021/dsa-4949",
               },
               {
                  name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E",
               },
               {
                  name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  refsource: "MISC",
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
               {
                  name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  refsource: "MISC",
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  refsource: "MISC",
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
            ],
         },
      },
      "gitlab.com": {
         advisories: [
            {
               affected_range: "[7.2.2,9.4.39),[10.0.0,10.0.2),[11.0.0,11.0.2)",
               affected_versions: "All versions starting from 7.2.2 before 9.4.39, all versions starting from 10.0.0 before 10.0.2, all versions starting from 11.0.0 before 11.0.2",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-755",
                  "CWE-937",
               ],
               date: "2022-07-29",
               description: "In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.",
               fixed_versions: [
                  "9.4.39.v20210325",
                  "10.0.2",
                  "11.0.2",
               ],
               identifier: "CVE-2021-28165",
               identifiers: [
                  "CVE-2021-28165",
                  "GHSA-26vr-8j45-3r4w",
               ],
               not_impacted: "All versions before 7.2.2, all versions starting from 9.4.39 before 10.0.0, all versions starting from 10.0.2 before 11.0.0, all versions starting from 11.0.2",
               package_slug: "maven/org.eclipse.jetty/jetty-client",
               pubdate: "2021-04-01",
               solution: "Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.",
               title: "Uncontrolled Resource Consumption",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
               ],
               uuid: "dacbc243-ad34-431b-a76e-6aadbd88fa41",
            },
            {
               affected_range: "[7.2.2,9.4.39),[10.0.0,10.0.2),[11.0.0,11.0.2)",
               affected_versions: "All versions starting from 7.2.2 before 9.4.39, all versions starting from 10.0.0 before 10.0.2, all versions starting from 11.0.0 before 11.0.2",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-755",
                  "CWE-937",
               ],
               date: "2022-07-29",
               description: "In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.",
               fixed_versions: [
                  "9.4.39.v20210325",
                  "10.0.2",
                  "11.0.2",
               ],
               identifier: "CVE-2021-28165",
               identifiers: [
                  "CVE-2021-28165",
                  "GHSA-26vr-8j45-3r4w",
               ],
               not_impacted: "All versions before 7.2.2, all versions starting from 9.4.39 before 10.0.0, all versions starting from 10.0.2 before 11.0.0, all versions starting from 11.0.2",
               package_slug: "maven/org.eclipse.jetty/jetty-http",
               pubdate: "2021-04-01",
               solution: "Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.",
               title: "Uncontrolled Resource Consumption",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
               ],
               uuid: "63158b6f-428f-46e5-b731-3842901ed871",
            },
            {
               affected_range: "[7.2.2,9.4.39),[10.0.0,10.0.2),[11.0.0,11.0.2)",
               affected_versions: "All versions starting from 7.2.2 before 9.4.39, all versions starting from 10.0.0 before 10.0.2, all versions starting from 11.0.0 before 11.0.2",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-755",
                  "CWE-937",
               ],
               date: "2022-07-29",
               description: "In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.",
               fixed_versions: [
                  "9.4.39.v20210325",
                  "10.0.2",
                  "11.0.2",
               ],
               identifier: "CVE-2021-28165",
               identifiers: [
                  "CVE-2021-28165",
                  "GHSA-26vr-8j45-3r4w",
               ],
               not_impacted: "All versions before 7.2.2, all versions starting from 9.4.39 before 10.0.0, all versions starting from 10.0.2 before 11.0.0, all versions starting from 11.0.2",
               package_slug: "maven/org.eclipse.jetty/jetty-io",
               pubdate: "2021-04-01",
               solution: "Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.",
               title: "Uncontrolled Resource Consumption",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
               ],
               uuid: "11ac6218-84c4-4e05-9699-b28b71c7aa11",
            },
            {
               affected_range: "[7.2.2,9.4.39),[10.0.0,10.0.2),[11.0.0,11.0.2)",
               affected_versions: "All versions starting from 7.2.2 before 9.4.39, all versions starting from 10.0.0 before 10.0.2, all versions starting from 11.0.0 before 11.0.2",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-755",
                  "CWE-937",
               ],
               date: "2022-07-29",
               description: "In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.",
               fixed_versions: [
                  "9.4.39.v20210325",
                  "10.0.2",
                  "11.0.2",
               ],
               identifier: "CVE-2021-28165",
               identifiers: [
                  "CVE-2021-28165",
                  "GHSA-26vr-8j45-3r4w",
               ],
               not_impacted: "All versions before 7.2.2, all versions starting from 9.4.39 before 10.0.0, all versions starting from 10.0.2 before 11.0.0, all versions starting from 11.0.2",
               package_slug: "maven/org.eclipse.jetty/jetty-server",
               pubdate: "2021-04-01",
               solution: "Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.",
               title: "Uncontrolled Resource Consumption",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
               ],
               uuid: "72501e73-ef5a-41dc-90fa-cf04dd4ab63a",
            },
            {
               affected_range: "[7.2.2,9.4.39),[10.0.0,10.0.2),[11.0.0,11.0.2)",
               affected_versions: "All versions starting from 7.2.2 before 9.4.39, all versions starting from 10.0.0 before 10.0.2, all versions starting from 11.0.0 before 11.0.2",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-755",
                  "CWE-937",
               ],
               date: "2022-07-29",
               description: "In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.",
               fixed_versions: [
                  "9.4.39.v20210325",
                  "10.0.2",
                  "11.0.2",
               ],
               identifier: "CVE-2021-28165",
               identifiers: [
                  "CVE-2021-28165",
                  "GHSA-26vr-8j45-3r4w",
               ],
               not_impacted: "All versions before 7.2.2, all versions starting from 9.4.39 before 10.0.0, all versions starting from 10.0.2 before 11.0.0, all versions starting from 11.0.2",
               package_slug: "maven/org.eclipse.jetty/jetty-util",
               pubdate: "2021-04-01",
               solution: "Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.",
               title: "Uncontrolled Resource Consumption",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
               ],
               uuid: "66bca4fa-ae7f-42a6-a605-83cd328ae3e7",
            },
            {
               affected_range: "[2.277.3,2.286)",
               affected_versions: "All versions after 2.277.3 before 2.286",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-755",
                  "CWE-937",
               ],
               date: "2022-07-29",
               description: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
               fixed_versions: [
                  "2.286",
               ],
               identifier: "CVE-2021-28165",
               identifiers: [
                  "CVE-2021-28165",
                  "GHSA-26vr-8j45-3r4w",
               ],
               not_impacted: "",
               package_slug: "maven/org.jenkins-ci.main/jenkins-core",
               pubdate: "2021-04-01",
               solution: "Upgrade to version 2.286 or above.",
               title: "Uncontrolled Resource Consumption",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
                  "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
                  "http://www.openwall.com/lists/oss-security/2021/04/20/3",
                  "https://security.netapp.com/advisory/ntap-20210611-0006/",
                  "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "https://www.debian.org/security/2021/dsa-4949",
                  "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E",
                  "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "https://www.oracle.com/security-alerts/cpujan2022.html",
               ],
               uuid: "72fb8c1e-4b01-4f67-8eb1-96555eedb9ab",
            },
         ],
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.0.2",
                        versionStartIncluding: "11.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.2",
                        versionStartIncluding: "10.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.39",
                        versionStartIncluding: "7.2.2",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "21.9",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.2.4.0",
                        versionStartIncluding: "8.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.2.4.0",
                        versionStartIncluding: "8.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "21.3",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.277.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.286",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.70.1",
                        versionStartIncluding: "11.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.6",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:e-series_santricity_storage:*:*:*:*:*:vcenter:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.10",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:santricity_web_services_proxy:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "5.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.10",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.10",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*",
                        cpe_name: [],
                        versionEndExcluding: "5.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:ontap_tools:*:*:*:*:*:vmware_vsphere:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.10",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:cloud_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.9.8",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "security@eclipse.org",
               ID: "CVE-2021-28165",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-755",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
                     refsource: "CONFIRM",
                     tags: [
                        "Exploit",
                        "Third Party Advisory",
                     ],
                     url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E",
                  },
                  {
                     name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E",
                  },
                  {
                     name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E",
                  },
                  {
                     name: "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E",
                  },
                  {
                     name: "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E",
                  },
                  {
                     name: "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E",
                  },
                  {
                     name: "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E",
                  },
                  {
                     name: "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E",
                  },
                  {
                     name: "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E",
                  },
                  {
                     name: "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E",
                  },
                  {
                     name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E",
                  },
                  {
                     name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E",
                  },
                  {
                     name: "[oss-security] 20210420 Vulnerability in Jenkins",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "http://www.openwall.com/lists/oss-security/2021/04/20/3",
                  },
                  {
                     name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E",
                  },
                  {
                     name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E",
                  },
                  {
                     name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E",
                  },
                  {
                     name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
                     refsource: "MLIST",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210611-0006/",
                     refsource: "CONFIRM",
                     tags: [
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://security.netapp.com/advisory/ntap-20210611-0006/",
                  },
                  {
                     name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E",
                  },
                  {
                     name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E",
                  },
                  {
                     name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E",
                  },
                  {
                     name: "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E",
                  },
                  {
                     name: "N/A",
                     refsource: "N/A",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
                  {
                     name: "DSA-4949",
                     refsource: "DEBIAN",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://www.debian.org/security/2021/dsa-4949",
                  },
                  {
                     name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
                     refsource: "MLIST",
                     tags: [
                        "Issue Tracking",
                        "Mailing List",
                        "Third Party Advisory",
                     ],
                     url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     tags: [
                        "Not Applicable",
                        "Third Party Advisory",
                     ],
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.8,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 6.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "HIGH",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 3.9,
               impactScore: 3.6,
            },
         },
         lastModifiedDate: "2022-07-29T17:05Z",
         publishedDate: "2021-04-01T15:15Z",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.