CVE - CVE-2020-27218

CVE-ID
CVE-2020-27218	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 URL:https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 CONFIRM:https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 URL:https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 CONFIRM:https://security.netapp.com/advisory/ntap-20201218-0003/ URL:https://security.netapp.com/advisory/ntap-20201218-0003/ MISC:https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959@%3Cdev.kafka.apache.org%3E URL:https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959@%3Cdev.kafka.apache.org%3E MISC:https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e@%3Cdev.kafka.apache.org%3E URL:https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e@%3Cdev.kafka.apache.org%3E MISC:https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a@%3Cdev.kafka.apache.org%3E URL:https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a@%3Cdev.kafka.apache.org%3E MISC:https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E URL:https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E MISC:https://www.oracle.com//security-alerts/cpujul2021.html URL:https://www.oracle.com//security-alerts/cpujul2021.html MISC:https://www.oracle.com/security-alerts/cpuApr2021.html URL:https://www.oracle.com/security-alerts/cpuApr2021.html MISC:https://www.oracle.com/security-alerts/cpuapr2022.html URL:https://www.oracle.com/security-alerts/cpuapr2022.html MISC:https://www.oracle.com/security-alerts/cpuoct2021.html URL:https://www.oracle.com/security-alerts/cpuoct2021.html MLIST:[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html MLIST:[hbase-commits] 20210206 [hbase-thirdparty] branch master updated: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958@%3Ccommits.hbase.apache.org%3E MLIST:[hbase-dev] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1@%3Cdev.hbase.apache.org%3E MLIST:[hbase-dev] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88@%3Cdev.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] pankaj72981 opened a new pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [jira] [Updated] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210205 [jira] [Work started] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] busbey closed pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b@%3Cissues.hbase.apache.org%3E MLIST:[hbase-issues] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d@%3Cissues.hbase.apache.org%3E MLIST:[kafka-commits] 20210222 [kafka] branch 2.6 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25@%3Ccommits.kafka.apache.org%3E MLIST:[kafka-commits] 20210222 [kafka] branch 2.7 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb@%3Ccommits.kafka.apache.org%3E MLIST:[kafka-commits] 20210222 [kafka] branch 2.8 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944@%3Ccommits.kafka.apache.org%3E MLIST:[kafka-dev] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67@%3Cdev.kafka.apache.org%3E MLIST:[kafka-dev] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38@%3Cdev.kafka.apache.org%3E MLIST:[kafka-jira] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210212 [jira] [Assigned] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210222 [GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210222 [GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290 URL:https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E MLIST:[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 URL:https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E MLIST:[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html URL:https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E MLIST:[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list URL:https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E MLIST:[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes URL:https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E MLIST:[spark-commits] 20210218 [spark] branch branch-3.0 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab@%3Ccommits.spark.apache.org%3E MLIST:[spark-commits] 20210218 [spark] branch branch-3.1 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e@%3Ccommits.spark.apache.org%3E MLIST:[spark-commits] 20210219 [spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29@%3Ccommits.spark.apache.org%3E MLIST:[spark-issues] 20210216 [jira] [Assigned] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab@%3Cissues.spark.apache.org%3E MLIST:[spark-issues] 20210216 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4@%3Cissues.spark.apache.org%3E MLIST:[spark-issues] 20210216 [jira] [Created] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76@%3Cissues.spark.apache.org%3E MLIST:[spark-issues] 20210218 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68@%3Cissues.spark.apache.org%3E MLIST:[spark-issues] 20210219 [jira] [Resolved] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff@%3Cissues.spark.apache.org%3E MLIST:[spark-issues] 20210222 [jira] [Updated] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0@%3Cissues.spark.apache.org%3E MLIST:[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210216 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210216 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210216 [GitHub] [spark] sarutak opened a new pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] dongjoon-hyun commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210217 [GitHub] [spark] srowen commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon closed pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210218 [GitHub] [spark] sarutak opened a new pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon closed pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904@%3Creviews.spark.apache.org%3E MLIST:[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218 URL:https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3@%3Creviews.spark.apache.org%3E MLIST:[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8@%3Ccommits.zookeeper.apache.org%3E MLIST:[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17@%3Ccommits.zookeeper.apache.org%3E MLIST:[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0 URL:https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553@%3Cdev.zookeeper.apache.org%3E MLIST:[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b@%3Cissues.zookeeper.apache.org%3E MLIST:[zookeeper-issues] 20201206 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619@%3Cissues.zookeeper.apache.org%3E MLIST:[zookeeper-issues] 20201224 [jira] [Resolved] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8@%3Cissues.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201205 [GitHub] [zookeeper] phunt commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201211 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201215 [GitHub] [zookeeper] phunt commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02@%3Cnotifications.zookeeper.apache.org%3E MLIST:[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 URL:https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610@%3Cnotifications.zookeeper.apache.org%3E
Assigning CNA
Eclipse Foundation
Date Record Created
20201019	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20201019)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)