Krishna Chidrawar created KAFKA-20283:
-----------------------------------------
Summary: [CVE-2025-11143] [jetty-http]
Key: KAFKA-20283
URL: https://issues.apache.org/jira/browse/KAFKA-20283
Project: Kafka
Issue Type: Bug
Affects Versions: 4.2.0
Reporter: Krishna Chidrawar
The Jetty URI parser has some key differences to other common parsers when
evaluating invalid or unusual URIs. Differential parsing of URIs in systems
using multiple components may result in a security bypass. For example, a
component that enforces a blacklist may interpret the URIs differently from
one that generates a response. At the very least, differential parsing may
divulge implementation details.
*NVD URL :* [https://nvd.nist.gov/vuln/detail/CVE-2025-11143]
*Fix Version :* 12.0.31, 12.1.5