{"id":"CVE-2020-27223","details":"In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.","aliases":["BIT-nifi-2020-27223","BIT-solr-2020-27223","BIT-spark-2020-27223","GHSA-m394-8rww-3jr7"],"modified":"2026-03-14T22:38:46.661284Z","published":"2021-02-26T22:15:19.317Z","related":["GHSA-m394-8rww-3jr7","SUSE-SU-2021:0940-1","openSUSE-SU-2024:10878-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080%40%3Cdev.lucene.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c%40%3Ccommits.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e%40%3Ccommits.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43%40%3Ccommits.druid.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320%40%3Cusers.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f%40%3Cissues.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2%40%3Creviews.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb%40%3Cissues.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502%40%3Creviews.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc%40%3Cgitbox.activemq.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8%40%3Creviews.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r65c714241b9d064a44fec10d60ebf5a37d5ebadd6bf88b0eed13ade0%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176%40%3Ccommits.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e%40%3Creviews.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7%40%3Cissues.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c%40%3Ccommits.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522%40%3Cdev.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea%40%3Cuser.karaf.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3%40%3Creviews.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a%40%3Ccommits.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428%40%3Ccommits.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d%40%3Ccommits.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243%40%3Cdev.lucene.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8%40%3Ccommits.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"ADVISORY","url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210401-0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4949"},{"type":"ADVISORY","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128"},{"type":"FIX","url":"https://github.com/jetty/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/lucene-solr","events":[{"introduced":"0"},{"last_affected":"64f3b496bfee762a9d2dbff40700f457f4464dfe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.8.1"}]}},{"type":"GIT","repo":"https://github.com/apache/nifi","events":[{"introduced":"0"},{"last_affected":"3bc6a122091214b33eee17a270163d7ca26e2a0c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.13.0"}]}},{"type":"GIT","repo":"https://github.com/apache/spark","events":[{"introduced":"0"},{"last_affected":"1d550c4e90275ab418b9161925049239227f3dc9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.1-NA"}]}},{"type":"GIT","repo":"https://github.com/eclipse/jetty.project","events":[{"introduced":"0"},{"last_affected":"8ba0f2d95dbacbe34898f8de15389e39b4e44279"},{"introduced":"0"},{"last_affected":"bd7a8eddbca0a70f8c9a98bb128794a865b1e42e"},{"introduced":"0"},{"last_affected":"238ec6997c7806b055319a6d11f8ae7564adc0de"},{"introduced":"0"},{"last_affected":"238ec6997c7806b055319a6d11f8ae7564adc0de"},{"introduced":"0"},{"last_affected":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"},{"introduced":"0"},{"last_affected":"432f896d7a4555fcc81f38108757ea0aca8788e6"},{"introduced":"0"},{"last_affected":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.4.6-20170531"},{"introduced":"0"},{"last_affected":"9.4.6-20180619"},{"introduced":"0"},{"last_affected":"9.4.36-NA"},{"introduced":"0"},{"last_affected":"9.4.36-20210114"},{"introduced":"0"},{"last_affected":"10.0.0-NA"},{"introduced":"0"},{"last_affected":"11.0.0-NA"},{"introduced":"0"},{"last_affected":"10.0"}]}},{"type":"GIT","repo":"https://github.com/jetty/jetty.project","events":[{"introduced":"0"},{"fixed":"10e531756b972162eed402c44d0244f7f6b85131"}]}],"versions":["0.3-scala-2.8","0.3-scala-2.9","PRE-MERGE-20120719-1138","alpha-0.1","alpha-0.2","docker/nifi-1.2.0","grafts/lucene-oldest","grafts/lucene-solr-copy","grafts/lucene-solr-oldest-merged","grafts/solr-incubator-latest","grafts/solr-incubator-oldest","grafts/solr-latest","grafts/solr-oldest","history/branches/lucene-solr/LUCENE-5622","history/branches/lucene-solr/LUCENE2793","history/branches/lucene-solr/cleanup2878","history/branches/lucene-solr/docvalues","history/branches/lucene-solr/jira/lucene-5438-nrt-replication","history/branches/lucene-solr/lucene-6835","history/branches/lucene-solr/lucene-6997","history/branches/lucene-solr/lucene2510","history/branches/lucene-solr/lucene2858","history/branches/lucene-solr/lucene3069","history/branches/lucene-solr/lucene3312","history/branches/lucene-solr/lucene3606","history/branches/lucene-solr/lucene3661","history/branches/lucene-solr/lucene3795_lsp_spatial_module","history/branches/lucene-solr/lucene3846","history/branches/lucene-solr/lucene3969","history/branches/lucene-solr/lucene4055","history/branches/lucene-solr/lucene4199","history/branches/lucene-solr/lucene4236","history/branches/lucene-solr/lucene4335","history/branches/lucene-solr/lucene4446","history/branches/lucene-solr/lucene4547","history/branches/lucene-solr/lucene4765","history/branches/lucene-solr/lucene5178","history/branches/lucene-solr/lucene5207","history/branches/lucene-solr/lucene5339","history/branches/lucene-solr/lucene539399","history/branches/lucene-solr/lucene5468","history/branches/lucene-solr/lucene5487","history/branches/lucene-solr/lucene5493","history/branches/lucene-solr/lucene5611","history/branches/lucene-solr/lucene5666","history/branches/lucene-solr/lucene5675","history/branches/lucene-solr/lucene5752","history/branches/lucene-solr/lucene5858","history/branches/lucene-solr/lucene5969","history/branches/lucene-solr/lucene5995","history/branches/lucene-solr/lucene6196","history/branches/lucene-solr/lucene6238","history/branches/lucene-solr/lucene6271","history/branches/lucene-solr/lucene6299","history/branches/lucene-solr/lucene6487","history/branches/lucene-solr/pforcodec_3892","history/branches/lucene-solr/preflexfixes","history/branches/lucene-solr/realtime_search","history/branches/lucene-solr/slowclosing","history/branches/lucene-solr/solr2452","history/branches/lucene-solr/solr3733","history/branches/lucene-solr/solr5914","history/branches/lucene-solr/solr7787","jetty-7.4.4.v20110707","jetty-7.5.0.RC0","jetty-7.5.0.RC1","jetty-7.5.0.RC2","jetty-7.5.0.v20110901","jetty-7.5.1.v20110907","jetty-7.5.1.v20110908","jetty-7.5.2.v20111006","jetty-7.5.3.v20111011","jetty-7.5.4.v20111024","jetty-7.6.0.RC0","jetty-7.6.0.RC1","jetty-7.6.0.RC2","jetty-7.6.0.RC3","jetty-7.6.0.RC4","jetty-7.6.0.RC5","jetty-7.6.0.v20120125","jetty-7.6.0.v20120127","jetty-7.6.1.v20120215","jetty-7.6.10.v20130312","jetty-7.6.11.v20130520","jetty-7.6.11.v20130725","jetty-7.6.12.v20130726","jetty-7.6.13.v20130910","jetty-7.6.2.v20120302","jetty-7.6.2.v20120308","jetty-7.6.3.v20120413","jetty-7.6.3.v20120416","jetty-7.6.4.v20120522","jetty-7.6.4.v20120524","jetty-7.6.5.v20120713","jetty-7.6.5.v20120716","jetty-7.6.6.v20120903","jetty-7.6.7.v20120910","jetty-7.6.8.v20121106","jetty-7.6.9.v20130131","jetty-8.0.0.RC0","jetty-8.0.0.v20110901","jetty-8.0.1.v20110907","jetty-8.0.1.v20110908","jetty-8.0.2.v20111006","jetty-8.0.3.v20111011","jetty-8.0.4.v20111024","jetty-8.1.0.RC0","jetty-8.1.0.RC1","jetty-8.1.0.RC2","jetty-8.1.0.RC4","jetty-8.1.0.RC5","jetty-8.1.0.v20120125","jetty-8.1.0.v20120127","jetty-8.1.1.v20120215","jetty-8.1.10.v20130312","jetty-8.1.11.v20130520","jetty-8.1.12.v20130725","jetty-8.1.12.v20130726","jetty-8.1.13.v20130910","jetty-8.1.13.v20130916","jetty-8.1.2.v20120302","jetty-8.1.2.v20120308","jetty-8.1.3.v20120413","jetty-8.1.3.v20120416","jetty-8.1.4.v20120522","jetty-8.1.4.v20120524","jetty-8.1.5.v20120713","jetty-8.1.5.v20120716","jetty-8.1.6.v20120903","jetty-8.1.7.v20120910","jetty-8.1.8.v20121106","jetty-8.1.9.v20130131","jetty-9.0.0.M0","jetty-9.0.0.M1","jetty-9.0.0.M2","jetty-9.0.0.M3","jetty-9.0.0.M4","jetty-9.0.0.M5","jetty-9.0.0.RC0","jetty-9.0.0.RC1","jetty-9.0.0.RC2","jetty-9.0.0.RC3","jetty-9.0.0.v20130308","jetty-9.0.1.v20130408","jetty-9.0.2.v20130417","jetty-9.0.2.v20140415","jetty-9.0.3.v20130506","jetty-9.0.4.v20130621","jetty-9.0.4.v20130625","jetty-9.0.5.v20130813","jetty-9.0.5.v20130815","jetty-9.0.6.v20130919","jetty-9.0.6.v20130930","jetty-9.0.7.v20131031","jetty-9.0.7.v20131107","jetty-9.0.x","jetty-9.1.0.M0","jetty-9.1.0.RC0","jetty-9.1.0.RC1","jetty-9.1.0.RC2","jetty-9.1.0.v20131115","jetty-9.1.1.v20140108","jetty-9.1.2.v20140210","jetty-9.1.3.v20140225","jetty-9.1.4.v20140401","jetty-9.2.0.M0","jetty-9.2.0.M1","jetty-9.2.0.RC0","jetty-9.2.0.v20140523","jetty-9.2.0.v20140526","jetty-9.2.1.v20140609","jetty-9.2.10.v20150310","jetty-9.2.11.M0","jetty-9.2.11.v20150528","jetty-9.2.11.v20150529","jetty-9.2.12.M0","jetty-9.2.12.v20150709","jetty-9.2.13.v20150730","jetty-9.2.14.v20151106","jetty-9.2.15.v20160210","jetty-9.2.16.v20160414","jetty-9.2.17.v20160517","jetty-9.2.18.v20160721","jetty-9.2.19.v20160908","jetty-9.2.2.v20140723","jetty-9.2.20.v20161216","jetty-9.2.21.v20170120","jetty-9.2.22.v20170606","jetty-9.2.23.v20171218","jetty-9.2.24.v20180105","jetty-9.2.25.v20180606","jetty-9.2.26.v20180806","jetty-9.2.27.v20190403","jetty-9.2.28.v20190418","jetty-9.2.29.v20191105","jetty-9.2.3.v20140905","jetty-9.2.4.v20141103","jetty-9.2.5.v20141112","jetty-9.2.6.v20141203","jetty-9.2.6.v20141205","jetty-9.2.7.v20150116","jetty-9.2.8.v20150217","jetty-9.2.9.v20150224","jetty-9.3.0.M0","jetty-9.3.0.v20150612","jetty-9.3.1.v20150714","jetty-9.3.10.M0","jetty-9.3.10.v20160621","jetty-9.3.11.M0","jetty-9.3.11.v20160721","jetty-9.3.12.v20160915","jetty-9.3.13.M0","jetty-9.3.13.v20161014","jetty-9.3.14.v20161028","jetty-9.3.15.v20161220","jetty-9.3.16.v20170120","jetty-9.3.17.v20170317","jetty-9.3.18.v20170406","jetty-9.3.19.v20170502","jetty-9.3.20.v20170531","jetty-9.3.21.M0","jetty-9.3.21.v20170918","jetty-9.3.22.v20171030","jetty-9.3.23.v20180228","jetty-9.3.24.v20180605","jetty-9.3.25.v20180904","jetty-9.3.26.v20190403","jetty-9.3.27.v20190418","jetty-9.3.28.v20191105","jetty-9.3.3.v20150825","jetty-9.3.3.v20150827","jetty-9.3.4.v20151007","jetty-9.3.5.v20151012","jetty-9.3.6.v20151106","jetty-9.3.7.RC0","jetty-9.3.7.RC1","jetty-9.3.7.v20160115","jetty-9.3.8.RC0","jetty-9.3.8.v20160314","jetty-9.3.9.M1","jetty-9.3.9.v20160517","jetty-9.4.0.M1","jetty-9.4.0.RC0","jetty-9.4.0.RC1","jetty-9.4.0.RC2","jetty-9.4.0.RC3","jetty-9.4.0.v20161207","jetty-9.4.0.v20161208","jetty-9.4.1.v20170120","jetty-9.4.10.v20180503","jetty-9.4.11.v20180605","jetty-9.4.12.v20180830","jetty-9.4.13.v20181111","jetty-9.4.14.v20181114","jetty-9.4.15.v20190215","jetty-9.4.16.v20190411","jetty-9.4.17.v20190418","jetty-9.4.18.v20190429","jetty-9.4.19.v20190610","jetty-9.4.2.v20170220","jetty-9.4.20.v20190813","jetty-9.4.21.v20190926","jetty-9.4.22.v20191022","jetty-9.4.23.v20191118","jetty-9.4.24.v20191120","jetty-9.4.25.v20191220","jetty-9.4.26.v20200117","jetty-9.4.27.v20200227","jetty-9.4.28.v20200408","jetty-9.4.29.v20200521","jetty-9.4.3.v20170317","jetty-9.4.30.v20200611","jetty-9.4.31.v20200723","jetty-9.4.32.v20200930","jetty-9.4.33.v20201020","jetty-9.4.34.v20201102","jetty-9.4.35.v20201120","jetty-9.4.36.v20210114","jetty-9.4.4.v20170414","jetty-9.4.5.v20170502","jetty-9.4.6.v20170531","jetty-9.4.7.v20170914","jetty-9.4.8.v20171121","jetty-9.4.9.v20180320","nifi-0.0.1-incubating-RC3","nifi-0.0.2-incubating-RC1","nifi-0.1.0-incubating-rc13","nifi-0.2.0-incubating-RC1","nifi-0.2.1-RC1","nifi-0.3.0-RC1","nifi-0.4.0","nifi-0.4.0-RC2","nifi-0.4.1","nifi-0.4.1-RC1","nifi-0.5.0","nifi-0.5.0-RC3","nifi-0.6.0","nifi-0.6.0-RC2","nifi-1.0.0-RC1","nifi-1.1.0-RC2","nifi-1.10.0-RC3","nifi-1.11.0-RC3","nifi-1.12.0-RC1","nifi-1.13.0-RC4","nifi-1.2.0-RC2","nifi-1.3.0-RC1","nifi-1.5.0-RC1","nifi-1.6.0-RC3","nifi-1.7.0-RC1","nifi-1.8.0-RC3","nifi-1.9.0-RC2","nifi-nar-maven-plugin-1.0.0-incubating-RC3","nifi-nar-maven-plugin-1.0.1-incubating-rc13","nifi-parent-1.0.0-incubating-rc13","npn-api-1.0.0.v20120402","npn-api-1.1.0.v20120525","rel/nifi-1.0.0","rel/nifi-1.1.0","rel/nifi-1.10.0","rel/nifi-1.11.0","rel/nifi-1.12.0","rel/nifi-1.13.0","rel/nifi-1.2.0","rel/nifi-1.3.0","rel/nifi-1.4.0","rel/nifi-1.5.0","rel/nifi-1.6.0","rel/nifi-1.7.0","rel/nifi-1.8.0","rel/nifi-1.9.0","releases/lucene-solr/8.8.0","releases/lucene-solr/8.8.1","v0.5.0","v0.5.1","v0.6.0","v0.7.0","v3.0.0-preview","v3.0.0-preview-rc1","v3.0.0-preview-rc2","v3.1.0-rc1","v3.1.1","v3.1.1-rc1","v3.1.1-rc2","v3.1.1-rc3"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","deprecated":false,"id":"CVE-2020-27223-45b13268","target":{"file":"jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java","function":"parsedValue"},"source":"https://github.com/jetty/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131","signature_version":"v1","digest":{"function_hash":"184400421406254729142860305963963940971","length":94}},{"signature_type":"Line","deprecated":false,"id":"CVE-2020-27223-4d564dc7","target":{"file":"jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java"},"source":"https://github.com/jetty/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["179452784334769158403100940236434908695","310443886562692546600354564003727575888","259758318498458371890959123113478973433","167588035352153053957833495056253406257","11729859842063230267379929745191480475","151313808747148448724823804536116530978","267099099637193108807665146464241172960","277772536204803768681178227960021075796","254636362071963156041171937937726444966","74703349147924814445478036843535794761","78197092271670423108770875798756211088","46175104968392148730137969371446902998","130304822988992453712841094523765272441","222425692163294885629131110470143061318","241873839846214164744735092681360699304","67394938416954511311564384517046886093","121877217330029534788794820229142277812","309656193589048441117397509240928770707","15326949281581316734249748482126462628","58596820990402153241834855336196588683","24859305933685585014542947444527480041","298461787823733139041012657737430547189","181876196218142640670098796099112581576","273506084014286732710665848513266360589","61605516012152643455861940920279450251","298695343177705421066215146711083942819","59049236603406802463753448178612417228","184733323385787113527276764692166247835","19384791602369525422378303335231689573","87870071933459223269954315260175043731","252869537727253322130835741857391429018","225410538706628869019481803153957917413","172250737658928436120187380388861715785","85891844406859578118394634551645997248","34723935739774248465041692618570062268","28085686537498847627534065810124866356","245587174947801259791143250145267603595","281092268295390455017567431752537429857","194902004498424570222832225018999246206","330987813146013006183166589719262266092","240365680333400415281480177292886532106","338781243300349238898033631994657005624","40673121706323402635651278800007290998","89977793703567518013606880243232474081","115066544159129317124921824881557766864","63477383271830600744077320933437945348","170104649092280989819767338544374292200","207789913324137174103619104080987699099","134844006432878171332747389790618579734","119095969198206089809092896809558681679","159649732023743584263572751751416931895","93727250804255053067965740909206683093","295319882671585040700258227269499019617","230635094577414615062632698961610778470","270739774479412693691068982521873522257","30294011653153988449403414044361357691","301898738845381677394046433251864613648","141901544582011180710382814649163345518","330156883865383726124199796974233960790","210488045500915085489429744270068203388","104780329508468820447503702884358200986","105776599714034846449009014071049088749","91713052865866203287919674562354587500","311469060184620201922449061360819813318","261727696924826329706455160086427564764","29644198073670928873178804104557865764","124872315640180458536801381911685313981","296138444704097752526319831045565885465","38601468519811532903974214382359709107","173084971804331460630051338744539530783","92030473942336281800455547971085774171","38973028764776317055822252692731803257","99932116521598025928363516326640477639"]}},{"signature_type":"Function","deprecated":false,"id":"CVE-2020-27223-57339a36","target":{"file":"jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java","function":"QuotedQualityCSV"},"source":"https://github.com/jetty/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131","signature_version":"v1","digest":{"function_hash":"88006686507020079735535315236248256351","length":249}},{"signature_type":"Function","deprecated":false,"id":"CVE-2020-27223-beef10ab","target":{"file":"jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java","function":"parsedParam"},"source":"https://github.com/jetty/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131","signature_version":"v1","digest":{"function_hash":"309805179836461238316607034527752687358","length":799}},{"signature_type":"Function","deprecated":false,"id":"CVE-2020-27223-c7409176","target":{"file":"jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java","function":"sort"},"source":"https://github.com/jetty/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131","signature_version":"v1","digest":{"function_hash":"237623596255308684413963623535570052580","length":857}}],"unresolved_ranges":[{"events":[{"introduced":"9.4.7"},{"fixed":"9.4.36"}]},{"events":[{"introduced":"11.0.0"},{"last_affected":"11.70.1"}]},{"events":[{"introduced":"0"},{"fixed":"20.4.3.050.1904"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27223.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}