Issue Overview: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. (CVE-2021-28165) Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update jetty to update your system. New Packages: noarch:     jetty-project-9.0.3-8.amzn2.0.6.noarch     jetty-annotations-9.0.3-8.amzn2.0.6.noarch     jetty-ant-9.0.3-8.amzn2.0.6.noarch     jetty-client-9.0.3-8.amzn2.0.6.noarch     jetty-continuation-9.0.3-8.amzn2.0.6.noarch     jetty-deploy-9.0.3-8.amzn2.0.6.noarch     jetty-http-9.0.3-8.amzn2.0.6.noarch     jetty-io-9.0.3-8.amzn2.0.6.noarch     jetty-jaas-9.0.3-8.amzn2.0.6.noarch     jetty-jaspi-9.0.3-8.amzn2.0.6.noarch     jetty-jmx-9.0.3-8.amzn2.0.6.noarch     jetty-jndi-9.0.3-8.amzn2.0.6.noarch     jetty-jsp-9.0.3-8.amzn2.0.6.noarch     jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.6.noarch     jetty-maven-plugin-9.0.3-8.amzn2.0.6.noarch     jetty-monitor-9.0.3-8.amzn2.0.6.noarch     jetty-plus-9.0.3-8.amzn2.0.6.noarch     jetty-proxy-9.0.3-8.amzn2.0.6.noarch     jetty-rewrite-9.0.3-8.amzn2.0.6.noarch     jetty-runner-9.0.3-8.amzn2.0.6.noarch     jetty-security-9.0.3-8.amzn2.0.6.noarch     jetty-server-9.0.3-8.amzn2.0.6.noarch     jetty-servlet-9.0.3-8.amzn2.0.6.noarch    …Read More