CVE-2019-10241 (Medium) detected in multiple libraries - autoclosed

## CVE-2019-10241 - Medium Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - jetty-util-8.2.0.v20160908.jar, jetty-util-7.6.0.v20120127.jar, jetty-server-7.6.0.v20120127.jar, jetty-util-8.1.22.v20160922.jar, jetty-servlet-9.0.7.v20131107.jar, jetty-server-8.0.4.v20111024.jar, jetty-servlet-8.1.22.v20160922.jar, jetty-server-9.0.0.v20130308.jar, jetty-servlet-7.0.0.v20091005.jar, jetty-servlet-8.0.4.v20111024.jar, jetty-servlet-9.3.2.v20150730.jar, jetty-util-9.1.0.v20131115.jar, jetty-server-9.2.9.v20150224.jar, jetty-server-9.0.7.v20131107.jar, jetty-util-9.2.9.v20150224.jar, jetty-util-9.2.15.v20160210.jar, jetty-server-9.4.1.v20170120.jar, jetty-server-7.0.0.v20091005.jar, jetty-servlet-9.2.9.v20150224.jar, jetty-util-9.4.5.v20170502.jar, jetty-server-8.1.22.v20160922.jar, jetty-server-9.3.2.v20150730.jar, jetty-servlet-9.3.6.v20151106.jar, jetty-util-7.6.21.v20160908.jar, jetty-util-9.3.2.v20150730.jar, jetty-servlet-9.4.1.v20170120.jar, jetty-util-9.3.6.v20151106.jar, jetty-util-8.0.4.v20111024.jar, jetty-server-8.2.0.v20160908.jar, jetty-util-9.4.1.v20170120.jar, jetty-servlet-7.6.21.v20160908.jar, jetty-util-9.2.12.v20150709.jar, jetty-server-9.1.0.v20131115.jar, jetty-util-7.0.0.v20091005.jar, jetty-server-7.6.21.v20160908.jar, jetty-servlet-9.0.0.v20130308.jar, jetty-util-9.0.7.v20131107.jar, jetty-servlet-7.6.0.v20120127.jar, jetty-util-9.0.0.v20130308.jar, jetty-server-9.3.6.v20151106.jar, jetty-servlet-8.2.0.v20160908.jar</summary>


<details><summary>jetty-util-8.2.0.v20160908.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.2.0.v20160908/4ee77aaee05035ca4255d21187ff50b45ef81f55/jetty-util-8.2.0.v20160908.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.2.0.v20160908/4ee77aaee05035ca4255d21187ff50b45ef81f55/jetty-util-8.2.0.v20160908.jar


Dependency Hierarchy:
 - jetty-server-8.2.0.v20160908.jar (Root Library)
 - jetty-http-8.2.0.v20160908.jar
 - jetty-io-8.2.0.v20160908.jar
 - :x: **jetty-util-8.2.0.v20160908.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-7.6.0.v20120127.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.6.0.v20120127/2c2bb1f28510723b955a48b40ba7f2aac4de22a4/jetty-util-7.6.0.v20120127.jar


Dependency Hierarchy:
 - jetty-server-7.6.0.v20120127.jar (Root Library)
 - jetty-http-7.6.0.v20120127.jar
 - jetty-io-7.6.0.v20120127.jar
 - :x: **jetty-util-7.6.0.v20120127.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-7.6.0.v20120127.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.6.0.v20120127/7cab9e8e39058427410c5a4c353f9866f27f845c/jetty-server-7.6.0.v20120127.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.6.0.v20120127/7cab9e8e39058427410c5a4c353f9866f27f845c/jetty-server-7.6.0.v20120127.jar


Dependency Hierarchy:
 - :x: **jetty-server-7.6.0.v20120127.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-8.1.22.v20160922.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.1.22.v20160922/5ae59f43ce3a356c98d6a3b7b2b8ef46f227ff1d/jetty-util-8.1.22.v20160922.jar


Dependency Hierarchy:
 - spring-boot-starter-jetty-1.5.9.RELEASE.jar (Root Library)
 - jetty-webapp-8.1.22.v20160922.jar
 - jetty-xml-8.1.22.v20160922.jar
 - :x: **jetty-util-8.1.22.v20160922.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-9.0.7.v20131107.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.0.7.v20131107/f7d8ce6ecb2318b906ba4df1b8625ab2b34e305b/jetty-servlet-9.0.7.v20131107.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.0.7.v20131107/f7d8ce6ecb2318b906ba4df1b8625ab2b34e305b/jetty-servlet-9.0.7.v20131107.jar


Dependency Hierarchy:
 - dropwizard-testing-0.7.1.jar (Root Library)
 - dropwizard-core-0.7.1.jar
 - dropwizard-jetty-0.7.1.jar
 - :x: **jetty-servlet-9.0.7.v20131107.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-8.0.4.v20111024.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.0/jetty-7.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.0.4.v20111024/42f734d8cfb012aa00b3bf9cbd848606a076a6e1/jetty-server-8.0.4.v20111024.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.0.4.v20111024/42f734d8cfb012aa00b3bf9cbd848606a076a6e1/jetty-server-8.0.4.v20111024.jar


Dependency Hierarchy:
 - :x: **jetty-server-8.0.4.v20111024.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-8.1.22.v20160922.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/8.1.22.v20160922/fec7c52faa7471bafcccdc37bdd50551296b553e/jetty-servlet-8.1.22.v20160922.jar


Dependency Hierarchy:
 - spring-boot-starter-jetty-1.5.9.RELEASE.jar (Root Library)
 - jetty-webapp-8.1.22.v20160922.jar
 - :x: **jetty-servlet-8.1.22.v20160922.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.0.0.v20130308.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-9/jetty-9.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.0.0.v20130308/157403813bb93758f9281e299ec458e6ef5e0aa/jetty-server-9.0.0.v20130308.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.0.0.v20130308/157403813bb93758f9281e299ec458e6ef5e0aa/jetty-server-9.0.0.v20130308.jar


Dependency Hierarchy:
 - :x: **jetty-server-9.0.0.v20130308.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-7.0.0.v20091005.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.0/jetty-7.0.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/7.0.0.v20091005/ce0e9527359bca5b3b4bb9cac0741693ac782a0c/jetty-servlet-7.0.0.v20091005.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/7.0.0.v20091005/ce0e9527359bca5b3b4bb9cac0741693ac782a0c/jetty-servlet-7.0.0.v20091005.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-7.0.0.v20091005.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-8.0.4.v20111024.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.0/jetty-7.0.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/8.0.4.v20111024/fc709c33b5b38b9c22d99ff05446625a7b7a796/jetty-servlet-8.0.4.v20111024.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-8.0.4.v20111024.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-9.3.2.v20150730.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.3.2.v20150730/a7ce8b11d340e152dd7dc94e7605c84230f05cf5/jetty-servlet-9.3.2.v20150730.jar


Dependency Hierarchy:
 - spark-core-2.3.jar (Root Library)
 - jetty-webapp-9.3.2.v20150730.jar
 - :x: **jetty-servlet-9.3.2.v20150730.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.1.0.v20131115.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-client-9.1/jetty-client-9.1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.1.0.v20131115/440fc44218366a7b58739aef4402b4927e135b9c/jetty-util-9.1.0.v20131115.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.1.0.v20131115/440fc44218366a7b58739aef4402b4927e135b9c/jetty-util-9.1.0.v20131115.jar


Dependency Hierarchy:
 - :x: **jetty-util-9.1.0.v20131115.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.2.9.v20150224.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.2.9.v20150224/d30a52e992c3484569f58763f55097a1da3202ee/jetty-server-9.2.9.v20150224.jar


Dependency Hierarchy:
 - dropwizard-testing-0.8.0.jar (Root Library)
 - dropwizard-core-0.8.0.jar
 - dropwizard-jersey-0.8.0.jar
 - :x: **jetty-server-9.2.9.v20150224.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.0.7.v20131107.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.0.7.v20131107/682ae23f9e4a5e397d96f215b62641755d2a59b7/jetty-server-9.0.7.v20131107.jar


Dependency Hierarchy:
 - dropwizard-views-0.7.0.jar (Root Library)
 - dropwizard-core-0.7.0.jar
 - dropwizard-lifecycle-0.7.0.jar
 - :x: **jetty-server-9.0.7.v20131107.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.2.9.v20150224.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.9.v20150224/b5fb774a02158e9f66fed949581159a8d0dfcbe1/jetty-util-9.2.9.v20150224.jar


Dependency Hierarchy:
 - dropwizard-testing-0.8.0.jar (Root Library)
 - dropwizard-core-0.8.0.jar
 - dropwizard-logging-0.8.0.jar
 - :x: **jetty-util-9.2.9.v20150224.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.2.15.v20160210.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.15.v20160210/ccd245541cc63311bdcfe551525bd7d82ea5e92c/jetty-util-9.2.15.v20160210.jar


Dependency Hierarchy:
 - play-test_2.11-2.5.19.jar (Root Library)
 - htmlunit-2.20.jar
 - websocket-client-9.2.15.v20160210.jar
 - :x: **jetty-util-9.2.15.v20160210.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.4.1.v20170120.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/benchmark-integration/jetty-perftest/jetty-perftest.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.1.v20170120/4cf4bea26592de98b9126ac60bc91fb669176a63/jetty-server-9.4.1.v20170120.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.1.v20170120/4cf4bea26592de98b9126ac60bc91fb669176a63/jetty-server-9.4.1.v20170120.jar


Dependency Hierarchy:
 - :x: **jetty-server-9.4.1.v20170120.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-7.0.0.v20091005.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.0.0.v20091005/6de72368655d23f2ef21424ed25d0cf78d0904c9/jetty-server-7.0.0.v20091005.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.0.0.v20091005/6de72368655d23f2ef21424ed25d0cf78d0904c9/jetty-server-7.0.0.v20091005.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.0.0.v20091005/6de72368655d23f2ef21424ed25d0cf78d0904c9/jetty-server-7.0.0.v20091005.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.0.0.v20091005/6de72368655d23f2ef21424ed25d0cf78d0904c9/jetty-server-7.0.0.v20091005.jar


Dependency Hierarchy:
 - :x: **jetty-server-7.0.0.v20091005.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-9.2.9.v20150224.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.2.9.v20150224/1797875a3cc524d181733f323866a5f7bbca03a7/jetty-servlet-9.2.9.v20150224.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.2.9.v20150224/1797875a3cc524d181733f323866a5f7bbca03a7/jetty-servlet-9.2.9.v20150224.jar


Dependency Hierarchy:
 - dropwizard-testing-0.8.0.jar (Root Library)
 - dropwizard-core-0.8.0.jar
 - dropwizard-jersey-0.8.0.jar
 - jetty-webapp-9.2.9.v20150224.jar
 - :x: **jetty-servlet-9.2.9.v20150224.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.4.5.v20170502.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-smoke-tests/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.5.v20170502/5fd36dfcf39110b809bd9b20cec62706ab694711/jetty-util-9.4.5.v20170502.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.5.v20170502/5fd36dfcf39110b809bd9b20cec62706ab694711/jetty-util-9.4.5.v20170502.jar


Dependency Hierarchy:
 - play-test_2.12-2.6.25.jar (Root Library)
 - htmlunit-driver-2.27.jar
 - htmlunit-2.27.jar
 - websocket-client-9.4.5.v20170502.jar
 - :x: **jetty-util-9.4.5.v20170502.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-8.1.22.v20160922.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.1.22.v20160922/713c1fefc16be4ee28aaa47261475173c9f98ba2/jetty-server-8.1.22.v20160922.jar


Dependency Hierarchy:
 - spring-boot-starter-jetty-1.5.9.RELEASE.jar (Root Library)
 - jetty-webapp-8.1.22.v20160922.jar
 - jetty-servlet-8.1.22.v20160922.jar
 - jetty-security-8.1.22.v20160922.jar
 - :x: **jetty-server-8.1.22.v20160922.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.3.2.v20150730.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.3.2.v20150730/d53622049200cee5c344b29c848d581aa876f93e/jetty-server-9.3.2.v20150730.jar


Dependency Hierarchy:
 - spark-core-2.3.jar (Root Library)
 - :x: **jetty-server-9.3.2.v20150730.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-9.3.6.v20151106.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.3.6.v20151106/62c03d6c7203735d4e28e4e78e22df38152f01ef/jetty-servlet-9.3.6.v20151106.jar


Dependency Hierarchy:
 - spark-core-2.4.jar (Root Library)
 - websocket-server-9.3.6.v20151106.jar
 - :x: **jetty-servlet-9.3.6.v20151106.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-7.6.21.v20160908.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.6.21.v20160908/bd135a2685448834da4e0e993252620141d7528b/jetty-util-7.6.21.v20160908.jar


Dependency Hierarchy:
 - jetty-server-7.6.21.v20160908.jar (Root Library)
 - jetty-http-7.6.21.v20160908.jar
 - jetty-io-7.6.21.v20160908.jar
 - :x: **jetty-util-7.6.21.v20160908.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.3.2.v20150730.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.3.2.v20150730/96eab74d8886ee9d51b6a3eeab9744807e842169/jetty-util-9.3.2.v20150730.jar


Dependency Hierarchy:
 - spark-core-2.3.jar (Root Library)
 - jetty-webapp-9.3.2.v20150730.jar
 - jetty-xml-9.3.2.v20150730.jar
 - :x: **jetty-util-9.3.2.v20150730.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-9.4.1.v20170120.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/benchmark-integration/jetty-perftest/jetty-perftest.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.4.1.v20170120/406a6edc22311629b41e98ab26901574d243d408/jetty-servlet-9.4.1.v20170120.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-9.4.1.v20170120.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.3.6.v20151106.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.3.6.v20151106/8721c8e670c11ea19005c567733453956b6243fc/jetty-util-9.3.6.v20151106.jar


Dependency Hierarchy:
 - spark-core-2.4.jar (Root Library)
 - jetty-server-9.3.6.v20151106.jar
 - jetty-io-9.3.6.v20151106.jar
 - :x: **jetty-util-9.3.6.v20151106.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-8.0.4.v20111024.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.0/jetty-7.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.0.4.v20111024/33f60c71941d90302751f72a12bcf1d299c17c75/jetty-util-8.0.4.v20111024.jar


Dependency Hierarchy:
 - jetty-server-8.0.4.v20111024.jar (Root Library)
 - jetty-http-8.0.4.v20111024.jar
 - jetty-io-8.0.4.v20111024.jar
 - :x: **jetty-util-8.0.4.v20111024.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-8.2.0.v20160908.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.2.0.v20160908/a175d2617631a72ef265060fa263ff4d7d1654a0/jetty-server-8.2.0.v20160908.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.2.0.v20160908/a175d2617631a72ef265060fa263ff4d7d1654a0/jetty-server-8.2.0.v20160908.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.2.0.v20160908/a175d2617631a72ef265060fa263ff4d7d1654a0/jetty-server-8.2.0.v20160908.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/8.2.0.v20160908/a175d2617631a72ef265060fa263ff4d7d1654a0/jetty-server-8.2.0.v20160908.jar


Dependency Hierarchy:
 - :x: **jetty-server-8.2.0.v20160908.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.4.1.v20170120.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/benchmark-integration/jetty-perftest/jetty-perftest.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.1.v20170120/810c4e4275e399feaf6e8bc51aa72645bdc06205/jetty-util-9.4.1.v20170120.jar


Dependency Hierarchy:
 - jetty-server-9.4.1.v20170120.jar (Root Library)
 - jetty-http-9.4.1.v20170120.jar
 - :x: **jetty-util-9.4.1.v20170120.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-7.6.21.v20160908.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/7.6.21.v20160908/1cbd125d58166261371b4919bd7bae8a0512dfbd/jetty-servlet-7.6.21.v20160908.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-7.6.21.v20160908.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.2.12.v20150709.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.12.v20150709/d99d38adfdb5ec677643f04fa862554b0bb8b42e/jetty-util-9.2.12.v20150709.jar


Dependency Hierarchy:
 - play-test_2.11-2.4.11.jar (Root Library)
 - fluentlenium-core-0.10.9.jar
 - selenium-java-2.48.2.jar
 - selenium-htmlunit-driver-2.48.2.jar
 - htmlunit-2.18.jar
 - websocket-client-9.2.12.v20150709.jar
 - :x: **jetty-util-9.2.12.v20150709.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.1.0.v20131115.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-client-9.1/jetty-client-9.1.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.1.0.v20131115/c64cb3ab62ff32fcd8b838369a426c688d901103/jetty-server-9.1.0.v20131115.jar


Dependency Hierarchy:
 - :x: **jetty-server-9.1.0.v20131115.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-7.0.0.v20091005.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.0.0.v20091005/5b6c27791dc5ec98feca5a87aaecf38b5109d43a/jetty-util-7.0.0.v20091005.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.0.0.v20091005/5b6c27791dc5ec98feca5a87aaecf38b5109d43a/jetty-util-7.0.0.v20091005.jar


Dependency Hierarchy:
 - jetty-server-7.0.0.v20091005.jar (Root Library)
 - jetty-http-7.0.0.v20091005.jar
 - jetty-io-7.0.0.v20091005.jar
 - :x: **jetty-util-7.0.0.v20091005.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-7.6.21.v20160908.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.6.21.v20160908/a56288d7d1728f06fa01d0f5cd8394177ae249e0/jetty-server-7.6.21.v20160908.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/7.6.21.v20160908/a56288d7d1728f06fa01d0f5cd8394177ae249e0/jetty-server-7.6.21.v20160908.jar


Dependency Hierarchy:
 - :x: **jetty-server-7.6.21.v20160908.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-9.0.0.v20130308.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-9/jetty-9.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.0.0.v20130308/738b6930076d2c036fe2c4ff809068b00b4ab232/jetty-servlet-9.0.0.v20130308.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-9.0.0.v20130308.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.0.7.v20131107.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.0.7.v20131107/93a606c83b047e8855eb3af68c335e60fa757367/jetty-util-9.0.7.v20131107.jar


Dependency Hierarchy:
 - dropwizard-views-0.7.0.jar (Root Library)
 - dropwizard-core-0.7.0.jar
 - dropwizard-lifecycle-0.7.0.jar
 - jetty-server-9.0.7.v20131107.jar
 - jetty-io-9.0.7.v20131107.jar
 - :x: **jetty-util-9.0.7.v20131107.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-7.6.0.v20120127.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/7.6.0.v20120127/9877c75b2a5b664ba9d41db325217c650f1326a0/jetty-servlet-7.6.0.v20120127.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-7.6.0.v20120127.jar** (Vulnerable Library)
</details>
<details><summary>jetty-util-9.0.0.v20130308.jar</summary>

Utility classes for Jetty
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/jetty-9/jetty-9.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.0.0.v20130308/19859238118e33ad1be4c0b629fe69c0f73853f4/jetty-util-9.0.0.v20130308.jar


Dependency Hierarchy:
 - jetty-server-9.0.0.v20130308.jar (Root Library)
 - jetty-io-9.0.0.v20130308.jar
 - :x: **jetty-util-9.0.0.v20130308.jar** (Vulnerable Library)
</details>
<details><summary>jetty-server-9.3.6.v20151106.jar</summary>

The core jetty server artifact.
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.3.6.v20151106/d9c43a1b20ede7e3c456237d71b4cce1dff5457a/jetty-server-9.3.6.v20151106.jar


Dependency Hierarchy:
 - spark-core-2.4.jar (Root Library)
 - :x: **jetty-server-9.3.6.v20151106.jar** (Vulnerable Library)
</details>
<details><summary>jetty-servlet-8.2.0.v20160908.jar</summary>

Jetty Servlet Container
Library home page: <a href="http://www.eclipse.org/jetty">http://www.eclipse.org/jetty</a>
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-3/request-3.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/8.2.0.v20160908/80e896d7010e1c676dd62fb05b3338aacc99ce23/jetty-servlet-8.2.0.v20160908.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/8.2.0.v20160908/80e896d7010e1c676dd62fb05b3338aacc99ce23/jetty-servlet-8.2.0.v20160908.jar


Dependency Hierarchy:
 - :x: **jetty-servlet-8.2.0.v20160908.jar** (Vulnerable Library)
</details>

Found in HEAD commit: <a href="https://github.com/KDWSS/dd-trace-java/commit/2819174635979a19573ec0ce8e3e2b63a3848079">2819174635979a19573ec0ce8e3e2b63a3848079</a>
Found in base branch: master

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> Vulnerability Details</summary>
 
 
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Publish Date: 2019-04-22
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2019-10241>CVE-2019-10241</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (6.1)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: Required
 - Scope: Changed
- Impact Metrics:
 - Confidentiality Impact: Low
 - Integrity Impact: Low
 - Availability Impact: None

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241</a>
Release Date: 2019-04-22
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-jetty): 1.5.10.RELEASEFix Resolution (org.eclipse.jetty:jetty-servlet): 9.2.27.v20190403
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.0.0Fix Resolution (org.eclipse.jetty:jetty-servlet): 9.2.27.v20190403
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-jetty): 1.5.10.RELEASEFix Resolution (org.eclipse.jetty:jetty-servlet): 9.3.26.v20190403
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.0.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.0.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (com.typesafe.play:play-test_2.11): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-servlet): 9.2.27.v20190403
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.0.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.16.v20190411
Direct dependency fix Resolution (com.typesafe.play:play-test_2.12): 2.8.0Fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-jetty): 1.5.10.RELEASEFix Resolution (org.eclipse.jetty:jetty-server): 9.3.26.v20190403
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-servlet): 9.3.26.v20190403
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403Fix Resolution (org.eclipse.jetty:jetty-util): 9.3.26.v20190403
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.3.26.v20190403
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.16.v20190411
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.4.3.v20180619Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (com.typesafe.play:play-test_2.11): 2.6.0Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.27.v20190403
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.27.v20190403Fix Resolution (org.eclipse.jetty:jetty-server): 9.3.26.v20190403
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0


</details>


***
:rescue_worker_helmet: Automatic Remediation is available for this issue

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-10241 (Medium) detected in multiple libraries - autoclosed #282

CVE-2019-10241 - Medium Severity Vulnerability

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2019-10241 (Medium) detected in multiple libraries - autoclosed #282

Description

CVE-2019-10241 - Medium Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions