Source: jetty9 Version: 9.2.21-1 Severity: important Tags: patch upstream security Forwarded: https://github.com/eclipse/jetty.project/issues/1556
Hi Due to #864631 I realize you are already aware. Filling this bug for tracking purposes since there is no CVE id yet assiged. jetty has a timing channel flaw in Password.java. Upstream bug: https://github.com/eclipse/jetty.project/issues/1556 Regards, Salvatore
