From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
- Vulnerability Name: URI parsing of invalid authority
- Publisher: joakime
- CVE ID: CVE-2024-6763
- Description: The HttpURI class in Eclipse Jetty performs insufficient validation of the authority part when processing invalid URIs, potentially leading to SSRF (Server-Side Request Forgery) attacks.

2. Affected Component:
- Component: org.eclipse.jetty:jetty-http
- Affected Version Range: >=7.0.0, <=12.0.11
- Fixed Version: 12.0.12

3. Attack Overview:
- Attack Method: The HttpURI class lacks sufficient validation of the authority part of invalid URIs, which may enable SSRF attacks.
- Attack Scenario: The vulnerability is exploitable when the HttpURI class and requesters (such as Chrome, Firefox, and Safari) process invalid URIs.

4. PoC (Proof of Concept):
- Example Payloads:
  - http://browser.check &@vulndetector.com/
  - http://browser.check #@vulndetector.com/
  - http://browser.check?@vulndetector.com/
  - http://browser.check@vulndetector.com/
  - http://vulndetector.com/

5. Impact:
- Scope of Impact: Limited to developers who directly use Jetty's HttpURI.
- Mitigation: Upgrade to version 12.0.12, or implement stricter validation during URI processing.

6. References:
- CWE-1286
- RFC9110 Section 4.2.4

This information helps understand the nature of the vulnerability, its scope of impact, and how to mitigate it.
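As an added example of the "stricter validation" mitigation (not Jetty's code and not the advisory's), the Python below applies the RFC 3986 authority grammar to the five probe URIs quoted above: the authority is cut at the first "/", "?" or "#", any authority the grammar rejects (for example one containing a space) raises an error, and for the rest the check reports the host that is actually named so it can be compared against an allow list. The probe list and the allow list are constructed for this illustration.

```python
import re

# Constructed sample input: the five probe URIs quoted in the advisory summary above.
PROBE_URIS = [
    "http://browser.check &@vulndetector.com/",
    "http://browser.check #@vulndetector.com/",
    "http://browser.check?@vulndetector.com/",
    "http://browser.check@vulndetector.com/",
    "http://vulndetector.com/",
]

# RFC 3986: authority = [ userinfo "@" ] host [ ":" port ]
#   userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
#   reg-name = *( unreserved / pct-encoded / sub-delims )
_UNRESERVED = r"A-Za-z0-9\-._~"
_SUB_DELIMS = r"!$&'()*+,;="
_PCT = r"%[0-9A-Fa-f]{2}"
_USERINFO = rf"(?:[{_UNRESERVED}{_SUB_DELIMS}:]|{_PCT})*"
_REG_NAME = rf"(?:[{_UNRESERVED}{_SUB_DELIMS}]|{_PCT})*"
_IP_LITERAL = r"\[[0-9A-Fa-f:.]+\]"
_AUTHORITY_RE = re.compile(
    rf"^(?:(?P<userinfo>{_USERINFO})@)?(?P<host>{_IP_LITERAL}|{_REG_NAME})(?::(?P<port>[0-9]*))?$"
)


def parse_authority(uri: str):
    """Return (userinfo, host, port) for an absolute URI whose authority is valid.

    The authority is taken exactly as RFC 3986 delimits it (everything after
    "://" up to the first "/", "?" or "#"); anything that then fails the
    authority grammar, such as a space, is rejected with ValueError instead of
    being guessed at.
    """
    m = re.match(r"^[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)", uri)
    if not m:
        raise ValueError("not an absolute hierarchical URI: %r" % uri)
    authority = m.group(1)
    a = _AUTHORITY_RE.match(authority)
    if not a or not a.group("host"):
        raise ValueError("invalid authority %r in %r" % (authority, uri))
    return a.group("userinfo"), a.group("host"), a.group("port")


def classify(uri: str, allowed_hosts=frozenset({"browser.check"})) -> str:
    """Allow-list gate: 'rejected' for an unparseable authority, 'allowed:<host>'
    when the strictly parsed host is on the (constructed) allow list, else 'blocked:<host>'."""
    try:
        _, host, _ = parse_authority(uri)
    except ValueError:
        return "rejected"
    return ("allowed:" if host in allowed_hosts else "blocked:") + host


if __name__ == "__main__":
    for probe in PROBE_URIS:
        print(f"{probe!r:45} -> {classify(probe)}")
```

Note that the fourth probe is a well-formed URI whose host is vulndetector.com with "browser.check" as userinfo, so a strict parser accepts it and an allow-list check on the parsed host is what blocks it.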