Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review HTTP/2 error handling (CVE-2022-2048) #7935

Closed
sbordet opened this issue Apr 29, 2022 · 0 comments · Fixed by #7938
Closed

Review HTTP/2 error handling (CVE-2022-2048) #7935

sbordet opened this issue Apr 29, 2022 · 0 comments · Fixed by #7938
Labels
Bug For general bugs on Jetty side Security

Comments

@sbordet
Copy link
Contributor

sbordet commented Apr 29, 2022
edited by joakime
Loading

Jetty version(s)
9.4.x+

Description
Review HTTP/2 error handling, in particular during request processing.

Fixes Security Advisory
GHSA-wgmr-mf83-7x4j
CVE-2022-2048
@sbordet sbordet added the Bug For general bugs on Jetty side label Apr 29, 2022
sbordet added a commit that referenced this issue Apr 29, 2022
@sbordet
Fixes #7935 - Review HTTP/2 error handling
f78f92e 
Now returning error handling code as a Runnable.

Signed-off-by: Simone Bordet <[email protected]>
@sbordet sbordet linked a pull request Apr 29, 2022 that will close this issue
Fixes #7935 - Review HTTP/2 error handling #7938
Merged
sbordet added a commit that referenced this issue May 1, 2022
@sbordet
Fixes #7935 - Review HTTP/2 error handling
569be44 
Updates after review.

Signed-off-by: Simone Bordet <[email protected]>
joakime pushed a commit that referenced this issue May 11, 2022
@sbordet
Fixes #7935 - Review HTTP/2 error handling (#7938)
b705091 
* Fixes #7935 - Review HTTP/2 error handling

Now returning error handling code as a Runnable.
Updates after review.

Signed-off-by: Simone Bordet <[email protected]>
joakime pushed a commit that referenced this issue May 11, 2022
@sbordet @joakime
Fixes #7935 - Review HTTP/2 error handling (#7938)
af828e7 
Now returning error handling code as a Runnable.
Updates after review.

Signed-off-by: Simone Bordet <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue May 11, 2022
@joakime
Issue #7935 - Fixing compilation errors
d6aa5af 
Signed-off-by: Joakim Erdfelt <[email protected]>
joakime added a commit that referenced this issue May 11, 2022
@joakime @sbordet
Fixes #7935 - Review HTTP/2 error handling (#7938) (#7978)
be912d4 
Now returning error handling code as a Runnable.
Updates after review.

Co-authored-by: Simone Bordet <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
sbordet added a commit that referenced this issue May 23, 2022
@sbordet
Fixes #7935 - Review HTTP/2 error handling
5066b9a 
Fixed HTTP/3 in similar way as HTTP/2.

Signed-off-by: Simone Bordet <[email protected]>
sbordet added a commit that referenced this issue May 23, 2022
@sbordet
Fixes #7935 - Review HTTP/2 error handling (#8048)
513a2cb 
Fixed HTTP/3 in similar way as HTTP/2.

Signed-off-by: Simone Bordet <[email protected]>
@joakime joakime changed the title Review HTTP/2 error handling Review HTTP/2 error handling (CVE-2022-2048) Jul 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For general bugs on Jetty side Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #7935 - Review HTTP/2 error handling jetty/jetty.project
2 participants
@joakime @sbordet