vulnerability

Amazon Linux AMI 2: CVE-2023-36479: Security patch for jetty (ALAS-2024-2394)

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Sep 15, 2023
Added
Jan 10, 2024
Modified
May 29, 2025

Description

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.

Solution(s)

amazon-linux-ami-2-upgrade-jetty-annotationsamazon-linux-ami-2-upgrade-jetty-antamazon-linux-ami-2-upgrade-jetty-clientamazon-linux-ami-2-upgrade-jetty-continuationamazon-linux-ami-2-upgrade-jetty-deployamazon-linux-ami-2-upgrade-jetty-httpamazon-linux-ami-2-upgrade-jetty-ioamazon-linux-ami-2-upgrade-jetty-jaasamazon-linux-ami-2-upgrade-jetty-jaspiamazon-linux-ami-2-upgrade-jetty-javadocamazon-linux-ami-2-upgrade-jetty-jmxamazon-linux-ami-2-upgrade-jetty-jndiamazon-linux-ami-2-upgrade-jetty-jspamazon-linux-ami-2-upgrade-jetty-jspc-maven-pluginamazon-linux-ami-2-upgrade-jetty-maven-pluginamazon-linux-ami-2-upgrade-jetty-monitoramazon-linux-ami-2-upgrade-jetty-plusamazon-linux-ami-2-upgrade-jetty-projectamazon-linux-ami-2-upgrade-jetty-proxyamazon-linux-ami-2-upgrade-jetty-rewriteamazon-linux-ami-2-upgrade-jetty-runneramazon-linux-ami-2-upgrade-jetty-securityamazon-linux-ami-2-upgrade-jetty-serveramazon-linux-ami-2-upgrade-jetty-servletamazon-linux-ami-2-upgrade-jetty-servletsamazon-linux-ami-2-upgrade-jetty-startamazon-linux-ami-2-upgrade-jetty-utilamazon-linux-ami-2-upgrade-jetty-util-ajaxamazon-linux-ami-2-upgrade-jetty-webappamazon-linux-ami-2-upgrade-jetty-websocket-apiamazon-linux-ami-2-upgrade-jetty-websocket-clientamazon-linux-ami-2-upgrade-jetty-websocket-commonamazon-linux-ami-2-upgrade-jetty-websocket-parentamazon-linux-ami-2-upgrade-jetty-websocket-serveramazon-linux-ami-2-upgrade-jetty-websocket-servletamazon-linux-ami-2-upgrade-jetty-xml
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.