Describe the bug
Xray reports CVE-2025-5115 against org.eclipse.jetty:jetty-server:9.4.58. This CVE affects Jetty ≤9.4.57. The fix version is 9.4.58 — which is exactly our version. We are patched.
To Reproduce
Xray scan a software containing jetty-server 9.4.58 and see CVE-2025-5115 reported. This CVE was fixed in 9.4.58.
Expected behavior
CVE-2025-5115 should not be reported for Jetty >= 9.4.58, as 9.4.58 is the fix version.
Versions
- Package: org.eclipse.jetty:jetty-server:9.4.58
- Vulnerable range: ≤9.4.57
- Fix version: 9.4.58
Additional context
Advisory: GHSA-mmxm-8w33-wc4h
Describe the bug
Xray reports CVE-2025-5115 against org.eclipse.jetty:jetty-server:9.4.58. This CVE affects Jetty ≤9.4.57. The fix version is 9.4.58 — which is exactly our version. We are patched.
To Reproduce
Xray scan a software containing jetty-server 9.4.58 and see CVE-2025-5115 reported. This CVE was fixed in 9.4.58.
Expected behavior
CVE-2025-5115 should not be reported for Jetty >= 9.4.58, as 9.4.58 is the fix version.
Versions
Additional context
Advisory: GHSA-mmxm-8w33-wc4h