CVE-2020-27218

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

Affected Software

Name	Vendor	Start Version	End Version
Jetty	Eclipse	9.4.0 (including)	9.4.35 (excluding)
Jetty	Eclipse	10.0.0-alpha0 (including)	10.0.0-alpha0 (including)
Jetty	Eclipse	10.0.0-alpha1 (including)	10.0.0-alpha1 (including)
Jetty	Eclipse	10.0.0-beta0 (including)	10.0.0-beta0 (including)
Jetty	Eclipse	10.0.0-beta1 (including)	10.0.0-beta1 (including)
Jetty	Eclipse	10.0.0-beta2 (including)	10.0.0-beta2 (including)
Jetty	Eclipse	11.0.0-alpha0 (including)	11.0.0-alpha0 (including)
Jetty	Eclipse	11.0.0-beta1 (including)	11.0.0-beta1 (including)
Jetty	Eclipse	11.0.0-beta2 (including)	11.0.0-beta2 (including)
Red Hat AMQ 7.8.1	RedHat	jetty	*
Red Hat AMQ LTS 7.4.6	RedHat	jetty	*
Red Hat Fuse 7.10	RedHat	jetty	*
Red Hat Integration Camel Quarkus	RedHat	jetty	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-controller-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-operator-bundle:v1.4.6-5	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-registry-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-ui-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-migration-velero-rhel8:v1.4.6-5	*
Red Hat Migration Toolkit for Containers 1.4	RedHat	rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4	*
Red Hat OpenShift Container Platform 3.11	RedHat	jenkins-0:2.289.1.1624365627-1.el7	*
Red Hat OpenShift Container Platform 4.5	RedHat	jenkins-0:2.277.3.1623846768-1.el7	*
Red Hat OpenShift Container Platform 4.6	RedHat	jenkins-0:2.277.3.1623853726-1.el8	*
RHINT Camel-K 1.6.4	RedHat	jetty	*
Eclipse	Ubuntu	bionic	*
Eclipse	Ubuntu	trusty	*
Eclipse	Ubuntu	xenial	*
Jetty	Ubuntu	trusty	*
Jetty	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-27218
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References