{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T19:46:19.462","vulnerabilities":[{"cve":{"id":"CVE-2025-11143","sourceIdentifier":"emo@eclipse.org","published":"2026-03-05T10:15:54.680","lastModified":"2026-03-06T20:30:58.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details."},{"lang":"es","value":"El analizador URI de Jetty tiene algunas diferencias clave con respecto a otros analizadores comunes al evaluar URIs inválidas o inusuales. El análisis diferencial de URIs en sistemas que utilizan múltiples componentes puede resultar en una elusión de seguridad. Por ejemplo, un componente que aplica una lista negra puede interpretar las URIs de manera diferente de uno que genera una respuesta. Como mínimo, el análisis diferencial puede divulgar detalles de implementación."}],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndIncluding":"9.4.58","matchCriteriaId":"D6BB4322-1158-46D7-8A04-2B4FBC3941A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.0.26","matchCriteriaId":"56F09A5B-49C1-406A-B4F6-D6F2D3FA660E"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.0.26","matchCriteriaId":"2B1CFB36-11A3-449E-BDDF-7837CE9E1511"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.31","matchCriteriaId":"FDBDC172-58CA-4579-8A14-05977FE1E453"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.5","matchCriteriaId":"0E18C4D9-4B42-40A6-9630-F844F0C83910"}]}]}],"references":[{"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh","source":"emo@eclipse.org","tags":["Vendor Advisory"]}]}}]}