GHSA-cj7v-27pg-wf7q · Severity: low · Ecosystem: maven — Jetty invalid URI parsing may produce invalid HttpURI.authority
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.
Conclusion & alert: CVE-2022-2047 is rated Low Risk (30.9/100): CVSS Low severity, with medium exploitation likelihood (EPSS 0.93%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.36% | 0.93% | +0.57% |
| 2 | 2026-06-02 | 0.57% | 0.36% | -0.21% |
| 3 | 2026-05-22 | — | 0.57% | — |
Full EPSS history (27 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 2.7 | 3.1 | LOW | | 1.2 | 1.4 | [email protected] |
| 2.7 | 3.1 | LOW | | 1.2 | 1.4 | [email protected] |
| 4.0 | 2.0 | MEDIUM | | 8.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2022-2047 not yet assigned priority: Debian including 1 source packages (jetty9), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2022-2047 |
| redhat | low | — | https://access.redhat.com/security/cve/CVE-2022-2047 |
| suse | low | CVE-2022-2047 severity low: SUSE including 97 source package names (jetty-annotations, jetty-annotations-9.4.48-1.1, …), 430 product×package rows across 31 product lines (SUSE Enterprise Storage 7, SUSE Enterprise Storage 7.1, … (31 product lines)): Fixed 256, Known Not Affected 174. | https://www.suse.com/security/cve/CVE-2022-2047/ |
| ubuntu | medium | CVE-2022-2047 medium priority: Ubuntu including 3 source packages (jetty, jetty8, jetty9), 42 status rows across 14 suites (bionic, focal, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 23, needs-triage 10, not-affected 6, ignored 2, released 1. | https://ubuntu.com/security/CVE-2022-2047 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| eclipse | jetty | < 9.4.46 | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
| eclipse | jetty | >= 10.0.0, < 10.0.9 | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
| eclipse | jetty | >= 11.0.0, <= 11.0.9 | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| netapp | element_plug-in_for_vcenter_server | — | cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:* |
| netapp | management_services_for_element_software_and_netapp_hci | — | cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* |
| netapp | snapcenter | — | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
| netapp | solidfire_\&_hci_storage_node | — | cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* |
| netapp | hci_compute_node | — | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory |
| https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory |