Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. (CVE-2021-28169) Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: "Run yum update jetty to update your system. " New Packages: noarch:     jetty-project-9.0.3-8.amzn2.0.1.noarch     jetty-annotations-9.0.3-8.amzn2.0.1.noarch     jetty-ant-9.0.3-8.amzn2.0.1.noarch     jetty-client-9.0.3-8.amzn2.0.1.noarch     jetty-continuation-9.0.3-8.amzn2.0.1.noarch     jetty-deploy-9.0.3-8.amzn2.0.1.noarch     jetty-http-9.0.3-8.amzn2.0.1.noarch     jetty-io-9.0.3-8.amzn2.0.1.noarch     jetty-jaas-9.0.3-8.amzn2.0.1.noarch     jetty-jaspi-9.0.3-8.amzn2.0.1.noarch     jetty-jmx-9.0.3-8.amzn2.0.1.noarch     jetty-jndi-9.0.3-8.amzn2.0.1.noarch     jetty-jsp-9.0.3-8.amzn2.0.1.noarch     jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.1.noarch     jetty-maven-plugin-9.0.3-8.amzn2.0.1.noarch     jetty-monitor-9.0.3-8.amzn2.0.1.noarch     jetty-plus-9.0.3-8.amzn2.0.1.noarch     jetty-proxy-9.0.3-8.amzn2.0.1.noarch    …Read More